Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5676 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5677 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5678 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2012-5673 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors. | |||||
| CVE-2012-5285 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. | |||||
| CVE-2012-5280 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277. | |||||
| CVE-2012-5278 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-5279 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2012-5277 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280. | |||||
| CVE-2012-5276 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280. | |||||
| CVE-2012-5275 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. | |||||
| CVE-2012-5274 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. | |||||
| CVE-2012-4168 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. | |||||
| CVE-2012-4167 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4165 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4164. | |||||
| CVE-2012-4164 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4165. | |||||
| CVE-2012-4163 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2018-12-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164 and CVE-2012-4165. | |||||
| CVE-2011-2822 | 2 Google, Microsoft | 2 Chrome, Windows | 2018-11-29 | 10.0 HIGH | N/A |
| Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors. | |||||
| CVE-2011-2455 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2011-2453 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2011-2454 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2011-2452 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2011-2451 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2011-2459 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460. | |||||
| CVE-2011-2460 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459. | |||||
| CVE-2011-2450 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2011-2456 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2457 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2458 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site. | |||||
| CVE-2011-2445 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2018-11-29 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | |||||
| CVE-2018-9493 | 1 Google | 1 Android | 2018-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900 | |||||
| CVE-2018-9496 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924 | |||||
| CVE-2018-9497 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 | |||||
| CVE-2018-9498 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 | |||||
| CVE-2018-9502 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792 | |||||
| CVE-2018-9503 | 1 Google | 1 Android | 2018-11-20 | 7.8 HIGH | 7.5 HIGH |
| In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928 | |||||
| CVE-2018-9505 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536 | |||||
| CVE-2018-9506 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925 | |||||
| CVE-2018-9507 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951 | |||||
| CVE-2018-9508 | 1 Google | 1 Android | 2018-11-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834 | |||||
| CVE-2018-9513 | 1 Google | 1 Android | 2018-11-20 | 7.2 HIGH | 7.8 HIGH |
| In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A | |||||
| CVE-2017-15407 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | |||||
| CVE-2018-6033 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. | |||||
| CVE-2018-6048 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | |||||
| CVE-2018-6047 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. | |||||
| CVE-2018-6050 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-6052 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | |||||
| CVE-2018-6053 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 4.3 MEDIUM | 3.3 LOW |
| Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | |||||
| CVE-2018-6031 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2018-6054 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |||||