Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44436 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44434 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44432 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-44431 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-44430 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-44429 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-44425 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2022-44424 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44423 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-44422 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-39118 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
|
|||||
| CVE-2022-39116 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
|
|||||
| CVE-2022-39104 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.
|
|||||
| CVE-2022-39088 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39087 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39086 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39085 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-44445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
|
|||||
| CVE-2025-0996 | 1 Google | 1 Chrome | 2025-04-10 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-0995 | 1 Google | 1 Chrome | 2025-04-10 | N/A | 8.8 HIGH |
|
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-20655 | 2 Google, Mediatek | 2 Android, Mt9972 | 2025-04-09 | N/A | 5.3 MEDIUM |
|
In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.
|
|||||
| CVE-2025-20656 | 5 Google, Linuxfoundation, Mediatek and 2 more | 20 Android, Yocto, Mt6781 and 17 more | 2025-04-09 | N/A | 6.8 MEDIUM |
|
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
|
|||||
| CVE-2025-20658 | 2 Google, Mediatek | 19 Android, Mt2718, Mt6781 and 16 more | 2025-04-09 | N/A | 6.0 MEDIUM |
|
In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.
|
|||||
| CVE-2006-5019 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
|
|||||
| CVE-2008-4724 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-0316 | 1 Google | 1 Google Sketchup | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file.
|
|||||
| CVE-2009-3698 | 1 Google | 1 Android | 2025-04-09 | 4.3 MEDIUM | N/A |
|
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.
|
|||||
| CVE-2009-2121 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.
|
|||||
| CVE-2008-5915 | 1 Google | 1 Chrome | 2025-04-09 | 2.1 LOW | N/A |
|
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for track ...
Show More |
|||||
| CVE-2007-4823 | 1 Google | 1 Picasa | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
|
|||||
| CVE-2010-0315 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
|
|||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
|
|||||
| CVE-2007-2378 | 1 Google | 1 Web Toolkit | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
|
|||||
| CVE-2007-6536 | 1 Google | 1 Toolbar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
|
|||||
| CVE-2009-2955 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
|
|||||
| CVE-2008-6996 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.
|
|||||
| CVE-2009-1690 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM eve ...
Show More |
|||||
| CVE-2007-3484 | 1 Google | 1 Custom Search Engine | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further cus ...
Show More |
|||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
|
|||||
| CVE-2009-2060 | 1 Google | 1 Chrome | 2025-04-09 | 5.8 MEDIUM | N/A |
|
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
|
|||||