Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3884 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441. | |||||
| CVE-2016-3885 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636. | |||||
| CVE-2016-3874 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797. | |||||
| CVE-2016-3875 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884. | |||||
| CVE-2016-3876 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345. | |||||
| CVE-2016-3877 | 1 Google | 1 Android | 2017-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors. | |||||
| CVE-2016-3878 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | |||||
| CVE-2016-3879 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. | |||||
| CVE-2016-3880 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670. | |||||
| CVE-2016-3881 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. | |||||
| CVE-2016-3883 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603. | |||||
| CVE-2016-3886 | 1 Google | 1 Android | 2017-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438. | |||||
| CVE-2016-2446 | 1 Google | 2 Android, Nexus 9 | 2017-08-13 | 7.6 HIGH | 7.0 HIGH |
| The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. | |||||
| CVE-2015-3839 | 1 Google | 1 Android | 2017-08-09 | 2.1 LOW | 5.5 MEDIUM |
| The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | |||||
| CVE-2009-0411 | 1 Google | 1 Chrome | 2017-08-08 | 5.0 MEDIUM | N/A |
| Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | |||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2017-08-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2006-6223 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | |||||
| CVE-2017-3742 | 3 Google, Lenovo, Microsoft | 3 Android, Connect2, Windows | 2017-07-27 | 2.3 LOW | 4.8 MEDIUM |
| In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | |||||
| CVE-2017-0422 | 1 Google | 1 Android | 2017-07-25 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088. | |||||
| CVE-2017-0424 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. | |||||
| CVE-2017-0425 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785. | |||||
| CVE-2017-0426 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. | |||||
| CVE-2017-0448 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448. | |||||
| CVE-2016-8420 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. | |||||
| CVE-2016-10044 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.2 HIGH | 7.8 HIGH |
| The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | |||||
| CVE-2017-0451 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129. | |||||
| CVE-2016-8419 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. | |||||
| CVE-2016-8418 | 1 Google | 1 Android | 2017-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. | |||||
| CVE-2017-0406 | 1 Google | 1 Android | 2017-07-25 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. | |||||
| CVE-2017-0405 | 1 Google | 1 Android | 2017-07-25 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. | |||||
| CVE-2017-0414 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. | |||||
| CVE-2017-0421 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. | |||||
| CVE-2017-0413 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. | |||||
| CVE-2017-0407 | 1 Google | 1 Android | 2017-07-25 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. | |||||
| CVE-2016-8414 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. | |||||
| CVE-2014-9914 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | |||||
| CVE-2017-0420 | 1 Google | 1 Android | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. | |||||
| CVE-2016-8481 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. | |||||
| CVE-2016-8480 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. | |||||
| CVE-2016-8476 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. | |||||
| CVE-2016-8421 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. | |||||
| CVE-2016-10398 | 1 Google | 1 Android | 2017-07-21 | 7.2 HIGH | 6.2 MEDIUM |
| Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. | |||||
| CVE-2005-3869 | 1 Google | 1 Api Search | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. | |||||
| CVE-2005-3899 | 1 Google | 1 Talk | 2017-07-20 | 5.4 MEDIUM | N/A |
| The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug. | |||||
| CVE-2017-0466 | 1 Google | 1 Android | 2017-07-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050. | |||||
| CVE-2017-0467 | 1 Google | 1 Android | 2017-07-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932. | |||||
| CVE-2017-0468 | 1 Google | 1 Android | 2017-07-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708. | |||||
| CVE-2017-0469 | 1 Google | 1 Android | 2017-07-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635. | |||||
| CVE-2017-0470 | 1 Google | 1 Android | 2017-07-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500. | |||||