Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6288 | 1 Google | 1 Android | 2018-04-04 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288. | |||||
| CVE-2017-6287 | 1 Google | 1 Android | 2018-04-04 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287. | |||||
| CVE-2017-6281 | 1 Google | 1 Android | 2018-04-04 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281. | |||||
| CVE-2017-18066 | 1 Google | 1 Android | 2018-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl(). | |||||
| CVE-2018-3561 | 1 Google | 1 Android | 2018-04-04 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. | |||||
| CVE-2018-3560 | 1 Google | 1 Android | 2018-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device. | |||||
| CVE-2017-8269 | 1 Google | 1 Android | 2018-04-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. | |||||
| CVE-2016-5179 | 1 Google | 1 Chrome Os | 2018-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. | |||||
| CVE-2017-6283 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2018-03-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high. | |||||
| CVE-2017-6295 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2018-03-27 | 3.6 LOW | 8.4 HIGH |
| NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high. | |||||
| CVE-2017-6280 | 1 Google | 1 Android | 2018-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980. | |||||
| CVE-2017-6282 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2018-03-27 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high. | |||||
| CVE-2017-6296 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2018-03-27 | 4.4 MEDIUM | 7.0 HIGH |
| NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. | |||||
| CVE-2017-7375 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2018-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). | |||||
| CVE-2017-14884 | 1 Google | 1 Android | 2018-03-16 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg. | |||||
| CVE-2017-13238 | 1 Google | 1 Android | 2018-03-13 | 4.7 MEDIUM | 4.2 MEDIUM |
| In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940. | |||||
| CVE-2017-13228 | 1 Google | 1 Android | 2018-03-13 | 9.3 HIGH | 8.8 HIGH |
| In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425. | |||||
| CVE-2017-13230 | 1 Google | 1 Android | 2018-03-13 | 9.3 HIGH | 8.8 HIGH |
| In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665. | |||||
| CVE-2017-13231 | 1 Google | 1 Android | 2018-03-13 | 7.2 HIGH | 7.8 HIGH |
| In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232. | |||||
| CVE-2017-13233 | 1 Google | 1 Android | 2018-03-13 | 7.1 HIGH | 6.5 MEDIUM |
| In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602. | |||||
| CVE-2017-15820 | 1 Google | 1 Android | 2018-03-12 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur. | |||||
| CVE-2017-17764 | 1 Google | 1 Android | 2018-03-12 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow. | |||||
| CVE-2017-17767 | 1 Google | 1 Android | 2018-03-12 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer. | |||||
| CVE-2017-15862 | 1 Google | 1 Android | 2018-03-12 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow. | |||||
| CVE-2017-15861 | 1 Google | 1 Android | 2018-03-12 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation. | |||||
| CVE-2017-15817 | 1 Google | 1 Android | 2018-03-12 | 9.3 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure. | |||||
| CVE-2017-15829 | 1 Google | 1 Android | 2018-03-12 | 6.9 MEDIUM | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition. | |||||
| CVE-2017-13235 | 1 Google | 1 Android | 2018-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866. | |||||
| CVE-2017-13232 | 1 Google | 1 Android | 2018-03-07 | 7.8 HIGH | 7.5 HIGH |
| In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950. | |||||
| CVE-2017-13240 | 1 Google | 1 Android | 2018-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819. | |||||
| CVE-2017-13239 | 1 Google | 1 Android | 2018-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132. | |||||
| CVE-2017-13242 | 1 Google | 1 Android | 2018-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248. | |||||
| CVE-2017-13241 | 1 Google | 1 Android | 2018-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651. | |||||
| CVE-2017-8260 | 1 Google | 1 Android | 2018-03-07 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | |||||
| CVE-2017-13229 | 1 Google | 1 Android | 2018-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703. | |||||
| CVE-2017-13246 | 1 Google | 1 Android | 2018-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469. | |||||
| CVE-2017-13243 | 1 Google | 1 Android | 2018-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991. | |||||
| CVE-2017-6258 | 1 Google | 1 Android | 2018-03-01 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258. | |||||
| CVE-2017-6279 | 1 Google | 1 Android | 2018-03-01 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279. | |||||
| CVE-2017-5132 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. | |||||
| CVE-2017-5128 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. | |||||
| CVE-2017-5125 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-5127 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2017-5124 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |||||
| CVE-2017-15395 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | |||||
| CVE-2017-15394 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | |||||
| CVE-2017-15392 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. | |||||
| CVE-2017-15390 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2017-15386 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2017-5131 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. | |||||