Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 770 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35958 1 Google 1 Tensorflow 2024-03-21 6.4 MEDIUM 9.1 CRITICAL
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
CVE-2014-3180 2 Google, Linux 2 Chrome Os, Linux Kernel 2024-03-21 6.4 MEDIUM 9.1 CRITICAL
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable
CVE-2023-48423 1 Google 1 Android 2024-03-12 N/A 9.8 CRITICAL
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40082 1 Google 1 Android 2024-02-15 N/A 9.8 CRITICAL
In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-4135 2 Google, Microsoft 3 Chrome, Edge, Edge Chromium 2024-02-15 N/A 9.6 CRITICAL
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3075 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 N/A 9.6 CRITICAL
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-37973 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2024-1283 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-14 N/A 9.8 CRITICAL
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-1284 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-14 N/A 9.8 CRITICAL
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-20011 2 Google, Mediatek 18 Android, Mt6985, Mt8127 and 15 more 2024-02-09 N/A 9.8 CRITICAL
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
CVE-2023-40078 1 Google 1 Android 2024-02-02 N/A 9.8 CRITICAL
In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-6345 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-01-31 N/A 9.6 CRITICAL
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVE-2024-0808 2 Fedoraproject, Google 2 Fedora, Chrome 2024-01-29 N/A 9.8 CRITICAL
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
CVE-2016-2496 1 Google 1 Android 2024-01-26 10.0 HIGH 9.8 CRITICAL
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
CVE-2023-6339 1 Google 2 Nest Wifi Pro, Nest Wifi Pro Firmware 2024-01-09 N/A 9.8 CRITICAL
Google Nest WiFi Pro root code-execution & user-data compromise
CVE-2023-48419 1 Google 8 Home, Home Firmware, Home Mini and 5 more 2024-01-09 N/A 9.8 CRITICAL
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 
CVE-2023-35690 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21403 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21402 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21401 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.