Filtered by vendor Google
Subscribe
Total
770 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20390 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002 | |||||
CVE-2022-20388 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 | |||||
CVE-2022-3890 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-20216 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916 | |||||
CVE-2022-2587 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | N/A | 9.8 CRITICAL |
Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. | |||||
CVE-2022-20386 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328 | |||||
CVE-2022-20239 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | |||||
CVE-2022-20222 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 | |||||
CVE-2022-20402 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A | |||||
CVE-2022-20387 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324 | |||||
CVE-2021-39815 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232440670 | |||||
CVE-2022-39862 | 2 Google, Samsung | 2 Android, Dynamic Lockscreen | 2023-12-10 | N/A | 9.8 CRITICAL |
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | |||||
CVE-2022-20385 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819 | |||||
CVE-2022-20405 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A | |||||
CVE-2022-1799 | 1 Google | 1 Google Play Services Software Development Kit | 2023-12-10 | N/A | 9.8 CRITICAL |
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. | |||||
CVE-2022-1853 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2022-20122 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232441339 | |||||
CVE-2022-1309 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 9.6 CRITICAL |
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2022-20389 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 | |||||
CVE-2022-26447 | 3 Google, Mediatek, Yoctoproject | 27 Android, Mt6580, Mt6735 and 24 more | 2023-12-10 | N/A | 9.8 CRITICAL |
In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478. |