Filtered by vendor Google
Subscribe
Total
770 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20160 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A | |||||
CVE-2022-30722 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | |||||
CVE-2021-39658 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | |||||
CVE-2022-20167 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A | |||||
CVE-2022-20191 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A | |||||
CVE-2021-39723 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A | |||||
CVE-2022-27568 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
CVE-2022-20145 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636 | |||||
CVE-2022-27571 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
CVE-2022-20127 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119 | |||||
CVE-2022-20171 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A | |||||
CVE-2022-20173 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A | |||||
CVE-2022-26096 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | |||||
CVE-2022-30711 | 1 Google | 1 Android | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
CVE-2021-46743 | 1 Google | 1 Firebase Php-jwt | 2023-12-10 | 5.8 MEDIUM | 9.1 CRITICAL |
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | |||||
CVE-2022-20164 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A | |||||
CVE-2022-28605 | 3 Apple, Google, Linkplay | 3 Iphone Os, Android, Sound Bar | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory | |||||
CVE-2022-0097 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. | |||||
CVE-2022-30712 | 1 Google | 1 Android | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
CVE-2022-0290 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |