Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13637 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-13638 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 8.8 HIGH |
|
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-13721 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 7.5 HIGH |
|
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-13720 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 8.8 HIGH |
|
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-13640 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-04 | N/A | 3.5 LOW |
|
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
|
|||||
| CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2025-12-04 | 6.8 MEDIUM | 8.8 HIGH |
|
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
|
|||||
| CVE-2017-7375 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2025-12-03 | 7.5 HIGH | 9.8 CRITICAL |
|
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
|
|||||
| CVE-2017-5130 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Chrome, Libxml2 | 2025-12-03 | 6.8 MEDIUM | 8.8 HIGH |
|
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
|
|||||
| CVE-2025-20763 | 2 Google, Mediatek | 28 Android, Mt6833, Mt6835 and 25 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.
|
|||||
| CVE-2025-20764 | 2 Google, Mediatek | 34 Android, Mt6739, Mt6761 and 31 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.
|
|||||
| CVE-2025-20766 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.
|
|||||
| CVE-2025-20767 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.
|
|||||
| CVE-2025-20768 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.
|
|||||
| CVE-2025-20769 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.
|
|||||
| CVE-2025-20770 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
|
|||||
| CVE-2025-20789 | 2 Google, Mediatek | 7 Android, Mt6781, Mt6833 and 4 more | 2025-12-03 | N/A | 4.4 MEDIUM |
|
In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.
|
|||||
| CVE-2025-20788 | 2 Google, Mediatek | 3 Android, Mt6991, Mt8196 | 2025-12-03 | N/A | 4.4 MEDIUM |
|
In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.
|
|||||
| CVE-2025-20777 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
|
|||||
| CVE-2025-20776 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
|
|||||
| CVE-2025-20774 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
|
|||||
| CVE-2025-20771 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
|
|||||
| CVE-2025-61619 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-61618 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-61617 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-61610 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-61609 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-61608 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-61607 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-3012 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-11133 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-11132 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2025-13223 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-11131 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-01 | N/A | 7.5 HIGH |
|
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
|
|||||
| CVE-2013-6629 | 9 Artifex, Canonical, Debian and 6 more | 11 Gpl Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2025-11-25 | 5.0 MEDIUM | N/A |
|
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
|
|||||
| CVE-2011-3079 | 3 Google, Mozilla, Opensuse | 5 Chrome, Firefox, Seamonkey and 2 more | 2025-11-25 | 10.0 HIGH | N/A |
|
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
|
|||||
| CVE-2025-12725 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | N/A | 8.8 HIGH |
|
Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-13042 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-25 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-12726 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-25 | N/A | 7.5 HIGH |
|
Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-12728 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-11-25 | N/A | 4.2 MEDIUM |
|
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-12727 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-25 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||