Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2177 | 1 Google | 1 Android | 2019-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2019-2178 | 1 Google | 1 Android | 2019-09-06 | 7.2 HIGH | 7.8 HIGH |
| In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-2135 | 1 Google | 1 Android | 2019-08-26 | 7.1 HIGH | 5.5 MEDIUM |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-125900276. | |||||
| CVE-2019-2133 | 1 Google | 1 Android | 2019-08-26 | 9.3 HIGH | 7.8 HIGH |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132082342. | |||||
| CVE-2019-2121 | 1 Google | 1 Android | 2019-08-22 | 6.9 MEDIUM | 7.0 HIGH |
| In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-131105245. | |||||
| CVE-2019-2129 | 1 Google | 1 Android | 2019-08-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124781927. | |||||
| CVE-2019-2122 | 1 Google | 1 Android | 2019-08-22 | 6.9 MEDIUM | 7.3 HIGH |
| In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127605586. | |||||
| CVE-2018-9422 | 2 Debian, Google | 2 Debian Linux, Android | 2019-08-19 | 7.2 HIGH | 7.8 HIGH |
| In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel. | |||||
| CVE-2016-4273 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Mac Os X, Chrome Os and 7 more | 2019-08-19 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. | |||||
| CVE-2019-7108 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2019-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2019-7096 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2019-08-18 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-17480 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2018-18358 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-08-17 | 2.9 LOW | 5.7 MEDIUM |
| Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. | |||||
| CVE-2018-18359 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2018-18354 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. | |||||
| CVE-2018-18347 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. | |||||
| CVE-2018-18351 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. | |||||
| CVE-2019-2024 | 1 Google | 1 Android | 2019-08-13 | 7.2 HIGH | 7.8 HIGH |
| In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel | |||||
| CVE-2018-9516 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2019-08-06 | 7.2 HIGH | 7.8 HIGH |
| In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. | |||||
| CVE-2017-6275 | 1 Google | 1 Android | 2019-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. | |||||
| CVE-2018-20073 | 1 Google | 1 Chrome | 2019-07-30 | 2.1 LOW | 5.5 MEDIUM |
| Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | |||||
| CVE-2019-5816 | 2 Google, Opensuse | 4 Android, Chrome, Backports and 1 more | 2019-07-25 | 6.8 MEDIUM | 8.8 HIGH |
| Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. | |||||
| CVE-2019-5811 | 3 Fedoraproject, Google, Opensuse | 3 Fedora, Chrome, Leap | 2019-07-25 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
| CVE-2019-13098 | 2 Google, Tronlink | 2 Android, Wallet | 2019-07-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | |||||
| CVE-2017-5130 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Chrome, Libxml2 | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | |||||
| CVE-2011-1300 | 3 Google, Microsoft, Mozilla | 3 Chrome, Windows, Firefox | 2019-07-18 | 10.0 HIGH | N/A |
| The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. | |||||
| CVE-2014-0362 | 1 Google | 1 Search Appliance Software | 2019-07-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element. | |||||
| CVE-2012-0779 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2019-07-18 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. | |||||
| CVE-2019-2107 | 1 Google | 1 Android | 2019-07-15 | 9.3 HIGH | 8.8 HIGH |
| In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844. | |||||
| CVE-2016-2460 | 1 Google | 1 Android | 2019-07-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981. | |||||
| CVE-2019-2106 | 1 Google | 1 Android | 2019-07-09 | 9.3 HIGH | 8.8 HIGH |
| In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983. | |||||
| CVE-2019-2109 | 1 Google | 1 Android | 2019-07-09 | 9.3 HIGH | 8.8 HIGH |
| In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570. | |||||
| CVE-2019-2116 | 1 Google | 1 Android | 2019-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117105007. | |||||
| CVE-2018-16077 | 1 Google | 1 Chrome | 2019-07-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2018-6145 | 1 Google | 1 Chrome | 2019-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
| CVE-2018-6148 | 1 Google | 1 Chrome | 2019-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2018-6149 | 1 Google | 1 Chrome | 2019-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2018-16086 | 1 Google | 1 Chrome | 2019-07-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2018-6157 | 1 Google | 1 Chrome | 2019-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | |||||
| CVE-2018-6159 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2018-16073 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2018-6171 | 1 Google | 1 Chrome | 2019-07-01 | 2.9 LOW | 5.7 MEDIUM |
| Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | |||||
| CVE-2018-16074 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-5785 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2019-5786 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2018-6150 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6121 | 1 Google | 1 Chrome | 2019-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. | |||||
| CVE-2018-6128 | 2 Apple, Google | 2 Iphone Os, Chrome | 2019-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2018-6129 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2018-6130 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||