Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3449 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
|
|||||
| CVE-2022-3448 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3447 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3446 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3445 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3444 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)
|
|||||
| CVE-2022-3443 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2024-11-21 | N/A | 5.6 MEDIUM |
|
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it wi ...
Show More |
|||||
| CVE-2022-3370 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3318 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low)
|
|||||
| CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-3316 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-3315 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-3311 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-3201 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3171 | 2 Fedoraproject, Google | 6 Fedora, Google-protobuf, Protobuf-java and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
|
|||||
| CVE-2022-39915 | 2 Google, Samsung | 2 Android, Calendar | 2024-11-21 | N/A | 3.3 LOW |
|
Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.
|
|||||
| CVE-2022-39914 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.
|
|||||
| CVE-2022-39913 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information.
|
|||||
| CVE-2022-39912 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.
|
|||||
| CVE-2022-39908 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.9 MEDIUM |
|
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
|
|||||
| CVE-2022-39907 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.9 MEDIUM |
|
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
|
|||||
| CVE-2022-39906 | 1 Google | 1 Android | 2024-11-21 | N/A | 2.3 LOW |
|
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
|
|||||
| CVE-2022-39905 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent.
|
|||||
| CVE-2022-39904 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.
|
|||||
| CVE-2022-39903 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.
|
|||||
| CVE-2022-39900 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.
|
|||||
| CVE-2022-39899 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.
|
|||||
| CVE-2022-39898 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.
|
|||||
| CVE-2022-39897 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
|
|||||
| CVE-2022-39896 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
|
|||||
| CVE-2022-39895 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.
|
|||||
| CVE-2022-39894 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
|
|||||
| CVE-2022-39887 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.
|
|||||
| CVE-2022-39886 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.
|
|||||
| CVE-2022-39885 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.
|
|||||
| CVE-2022-39884 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.
|
|||||
| CVE-2022-39883 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API.
|
|||||
| CVE-2022-39882 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.0 HIGH |
|
Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2022-39880 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.
|
|||||