Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48444 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48443 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48442 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48441 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48440 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48439 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 4.4 MEDIUM |
|
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
|
|||||
| CVE-2022-48438 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 4.4 MEDIUM |
|
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
|
|||||
| CVE-2022-48390 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 7.8 HIGH |
|
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2023-20747 | 3 Google, Linuxfoundation, Mediatek | 48 Android, Iot-yocto, Yocto and 45 more | 2025-01-07 | N/A | 4.4 MEDIUM |
|
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.
|
|||||
| CVE-2023-20746 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.
|
|||||
| CVE-2023-20745 | 3 Google, Linuxfoundation, Mediatek | 14 Android, Iot-yocto, Yocto and 11 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.
|
|||||
| CVE-2023-20752 | 2 Google, Mediatek | 8 Android, Mt8167, Mt8167s and 5 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586.
|
|||||
| CVE-2023-20751 | 2 Google, Mediatek | 8 Android, Mt8167, Mt8167s and 5 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.
|
|||||
| CVE-2023-20750 | 2 Google, Mediatek | 23 Android, Mt6835, Mt6886 and 20 more | 2025-01-07 | N/A | 4.1 MEDIUM |
|
In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.
|
|||||
| CVE-2023-20749 | 2 Google, Mediatek | 28 Android, Mt6789, Mt6835 and 25 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.
|
|||||
| CVE-2023-20716 | 4 Google, Linux, Linuxfoundation and 1 more | 32 Android, Linux Kernel, Iot-yocto and 29 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883.
|
|||||
| CVE-2023-20715 | 4 Google, Linux, Linuxfoundation and 1 more | 31 Android, Linux Kernel, Iot-yocto and 28 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.
|
|||||
| CVE-2023-20712 | 4 Google, Linux, Linuxfoundation and 1 more | 32 Android, Linux Kernel, Iot-yocto and 29 more | 2025-01-07 | N/A | 6.7 MEDIUM |
|
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID: ALPS07796914.
|
|||||
| CVE-2023-21245 | 1 Google | 1 Android | 2025-01-06 | N/A | 7.8 HIGH |
|
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-11111 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9960 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 7.5 HIGH |
|
Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-9961 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-10487 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
|
|||||
| CVE-2024-10488 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-10826 | 1 Google | 2 Android, Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-10827 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-11110 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
|
|||||
| CVE-2024-11112 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11113 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11114 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | N/A | 8.3 HIGH |
|
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11115 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11116 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11117 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-7025 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-12053 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7256 | 1 Google | 2 Android, Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7970 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8362 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8904 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||