Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20939 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
|
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981
|
|||||
| CVE-2023-20937 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
|
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel
|
|||||
| CVE-2023-20934 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
|
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042
|
|||||
| CVE-2023-20933 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
|
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753
|
|||||
| CVE-2023-20932 | 1 Google | 1 Android | 2025-03-21 | N/A | 3.3 LOW |
|
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018
|
|||||
| CVE-2022-20551 | 1 Google | 1 Android | 2025-03-21 | N/A | 6.7 MEDIUM |
|
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549
|
|||||
| CVE-2022-20481 | 1 Google | 1 Android | 2025-03-21 | N/A | 5.5 MEDIUM |
|
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115
|
|||||
| CVE-2022-20455 | 1 Google | 1 Android | 2025-03-21 | N/A | 5.5 MEDIUM |
|
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431
|
|||||
| CVE-2024-8908 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-7981 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-6779 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 9.6 CRITICAL |
|
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-0704 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-0700 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0141 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-3174 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-32912 | 1 Google | 1 Android | 2025-03-20 | N/A | 5.5 MEDIUM |
|
there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-21014 | 1 Google | 1 Android | 2025-03-19 | N/A | 4.4 MEDIUM |
|
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326
|
|||||
| CVE-2025-20636 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2025-03-19 | N/A | 6.7 MEDIUM |
|
In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.
|
|||||
| CVE-2024-31315 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-20949 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
|
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A
|
|||||
| CVE-2023-20927 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503
|
|||||
| CVE-2018-9412 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
|
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2024-7974 | 1 Google | 1 Chrome | 2025-03-19 | N/A | 8.8 HIGH |
|
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | N/A | 6.1 MEDIUM |
|
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.
|
|||||
| CVE-2024-7001 | 1 Google | 1 Chrome | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-34727 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.5 HIGH |
|
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-2884 | 1 Google | 1 Chrome | 2025-03-19 | N/A | 6.5 MEDIUM |
|
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-40110 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
|
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-40655 | 1 Google | 1 Android | 2025-03-18 | N/A | 7.8 HIGH |
|
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2024-29780 | 1 Google | 1 Android | 2025-03-18 | N/A | 5.5 MEDIUM |
|
In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-2938 | 1 Google | 1 Chrome | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-2885 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-18 | N/A | 8.8 HIGH |
|
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-20948 | 1 Google | 1 Android | 2025-03-18 | N/A | 7.5 HIGH |
|
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526
|
|||||
| CVE-2024-29785 | 1 Google | 1 Android | 2025-03-18 | N/A | 5.5 MEDIUM |
|
In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||