Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21137 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | |||||
| CVE-2021-21139 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-0368 | 1 Google | 1 Android | 2021-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169829774 | |||||
| CVE-2021-0370 | 1 Google | 1 Android | 2021-03-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169259605 | |||||
| CVE-2021-0456 | 1 Google | 1 Android | 2021-03-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174769927 | |||||
| CVE-2021-0457 | 1 Google | 1 Android | 2021-03-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157155375 | |||||
| CVE-2021-0459 | 1 Google | 1 Android | 2021-03-15 | 2.1 LOW | 4.4 MEDIUM |
| In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157154534 | |||||
| CVE-2021-0460 | 1 Google | 1 Android | 2021-03-15 | 2.1 LOW | 4.4 MEDIUM |
| In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156739245 | |||||
| CVE-2021-0461 | 1 Google | 1 Android | 2021-03-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175124074 | |||||
| CVE-2020-6522 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-12 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6519 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6516 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-0374 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169572641 | |||||
| CVE-2021-0375 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 5.5 MEDIUM |
| In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484 | |||||
| CVE-2021-0378 | 1 Google | 1 Android | 2021-03-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154076193 | |||||
| CVE-2021-0392 | 1 Google | 1 Android | 2021-03-12 | 4.6 MEDIUM | 7.8 HIGH |
| In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730 | |||||
| CVE-2021-0393 | 1 Google | 1 Android | 2021-03-12 | 6.8 MEDIUM | 7.8 HIGH |
| In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375 | |||||
| CVE-2021-0394 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 5.5 MEDIUM |
| In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172655291 | |||||
| CVE-2021-0395 | 1 Google | 1 Android | 2021-03-12 | 4.6 MEDIUM | 7.8 HIGH |
| In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126 | |||||
| CVE-2021-25347 | 1 Google | 1 Android | 2021-03-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. | |||||
| CVE-2020-6517 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-12 | 9.3 HIGH | 8.8 HIGH |
| Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-0379 | 1 Google | 1 Android | 2021-03-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154075955 | |||||
| CVE-2021-0381 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 5.5 MEDIUM |
| In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153466381 | |||||
| CVE-2021-0387 | 1 Google | 1 Android | 2021-03-12 | 6.9 MEDIUM | 6.4 MEDIUM |
| In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421939 | |||||
| CVE-2021-0449 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117965 | |||||
| CVE-2021-0450 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880 | |||||
| CVE-2021-0452 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117261 | |||||
| CVE-2021-0451 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117871 | |||||
| CVE-2021-0453 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117199 | |||||
| CVE-2021-0455 | 1 Google | 1 Android | 2021-03-12 | 7.2 HIGH | 6.7 MEDIUM |
| In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175116439 | |||||
| CVE-2021-0454 | 1 Google | 1 Android | 2021-03-12 | 7.2 HIGH | 6.7 MEDIUM |
| In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117047 | |||||
| CVE-2021-25344 | 1 Google | 1 Android | 2021-03-11 | 2.1 LOW | 5.5 MEDIUM |
| Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | |||||
| CVE-2021-25345 | 2 Google, Samsung | 2 Android, Exynos | 2021-03-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. | |||||
| CVE-2020-6538 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6554 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-03-11 | 6.8 MEDIUM | 8.6 HIGH |
| Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-16006 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16008 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | |||||
| CVE-2020-16011 | 4 Debian, Google, Microsoft and 1 more | 5 Debian Linux, Chrome, Windows and 2 more | 2021-03-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-25340 | 1 Google | 1 Android | 2021-03-11 | 2.1 LOW | 2.4 LOW |
| Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. | |||||
| CVE-2020-15967 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15970 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15971 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15973 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. | |||||
| CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-03-11 | 2.1 LOW | 5.2 MEDIUM |
| Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
| CVE-2020-15980 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Android and 2 more | 2021-03-11 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. | |||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-03-11 | 3.6 LOW | 5.2 MEDIUM |
| Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | |||||
| CVE-2020-15981 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15983 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.4 MEDIUM | 7.8 HIGH |
| Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-15982 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15988 | 5 Debian, Fedoraproject, Google and 2 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-11 | 6.8 MEDIUM | 6.3 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | |||||