Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9922 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | |||||
| CVE-2014-9933 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | |||||
| CVE-2016-10242 | 1 Google | 1 Android | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2016-10239 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur. | |||||
| CVE-2014-9931 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. | |||||
| CVE-2004-2475 | 1 Google | 1 Toolbar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability. | |||||
| CVE-2014-9963 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. | |||||
| CVE-2016-10341 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. | |||||
| CVE-2016-10340 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | |||||
| CVE-2016-10339 | 1 Google | 1 Android | 2017-07-08 | 5.8 MEDIUM | 7.1 HIGH |
| In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. | |||||
| CVE-2016-10338 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. | |||||
| CVE-2016-10337 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. | |||||
| CVE-2016-10336 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||||
| CVE-2016-10335 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | |||||
| CVE-2016-10334 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||||
| CVE-2016-10333 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | |||||
| CVE-2015-9033 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. | |||||
| CVE-2015-9032 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 3.3 LOW |
| In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. | |||||
| CVE-2016-10332 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | |||||
| CVE-2015-9031 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 3.3 LOW |
| In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. | |||||
| CVE-2015-9030 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. | |||||
| CVE-2015-9029 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | |||||
| CVE-2015-9028 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | |||||
| CVE-2015-9027 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||||
| CVE-2015-9026 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||||
| CVE-2015-9025 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | |||||
| CVE-2015-9024 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | |||||
| CVE-2015-9023 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | |||||
| CVE-2015-9022 | 1 Google | 1 Android | 2017-07-08 | 7.6 HIGH | 7.0 HIGH |
| In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. | |||||
| CVE-2015-9021 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | |||||
| CVE-2015-9020 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. | |||||
| CVE-2017-0647 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138. | |||||
| CVE-2017-0646 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337. | |||||
| CVE-2017-0645 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327. | |||||
| CVE-2017-0639 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991. | |||||
| CVE-2017-0637 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500. | |||||
| CVE-2014-9960 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | |||||
| CVE-2014-9961 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | |||||
| CVE-2014-9962 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. | |||||
| CVE-2016-10342 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | |||||
| CVE-2014-9964 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. | |||||
| CVE-2014-9965 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. | |||||
| CVE-2014-9966 | 1 Google | 1 Android | 2017-07-08 | 7.6 HIGH | 7.0 HIGH |
| In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | |||||
| CVE-2014-9967 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||||
| CVE-2017-7366 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. | |||||
| CVE-2017-7373 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. | |||||
| CVE-2017-8237 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. | |||||
| CVE-2017-7368 | 1 Google | 1 Android | 2017-07-08 | 7.6 HIGH | 7.0 HIGH |
| In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. | |||||
| CVE-2017-8236 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. | |||||
| CVE-2017-7370 | 1 Google | 1 Android | 2017-07-08 | 7.6 HIGH | 7.0 HIGH |
| In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | |||||