Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0404 1 Google 1 Android 2021-03-02 2.1 LOW 4.4 MEDIUM
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.
CVE-2021-0405 1 Google 1 Android 2021-03-02 7.2 HIGH 6.7 MEDIUM
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547.
CVE-2021-0403 1 Google 1 Android 2021-03-02 2.1 LOW 4.4 MEDIUM
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.
CVE-2021-0402 1 Google 1 Android 2021-03-02 7.2 HIGH 6.7 MEDIUM
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.
CVE-2021-0366 1 Google 1 Android 2021-03-02 6.9 MEDIUM 6.4 MEDIUM
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.
CVE-2021-0367 1 Google 1 Android 2021-03-02 6.9 MEDIUM 6.4 MEDIUM
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.
CVE-2021-0401 1 Google 1 Android 2021-03-02 6.9 MEDIUM 6.4 MEDIUM
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.
CVE-2020-8908 1 Google 1 Guava 2021-03-01 2.1 LOW 3.3 LOW
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
CVE-2021-21152 2 Google, Linux 2 Chrome, Linux Kernel 2021-02-28 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21155 2 Google, Microsoft 2 Chrome, Windows 2021-02-28 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21149 2 Google, Linux 2 Chrome, Linux Kernel 2021-02-28 6.8 MEDIUM 8.8 HIGH
Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-21154 1 Google 1 Chrome 2021-02-28 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21150 2 Google, Microsoft 2 Chrome, Windows 2021-02-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21151 1 Google 1 Chrome 2021-02-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21157 2 Google, Linux 2 Chrome, Linux Kernel 2021-02-28 6.8 MEDIUM 8.8 HIGH
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21156 1 Google 1 Chrome 2021-02-28 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
CVE-2021-21153 2 Google, Linux 2 Chrome, Linux Kernel 2021-02-28 6.8 MEDIUM 8.8 HIGH
Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-8902 1 Google 1 Rendertron 2021-02-26 4.0 MEDIUM 4.3 MEDIUM
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.
CVE-2020-16041 1 Google 1 Chrome 2021-02-26 5.8 MEDIUM 8.1 HIGH
Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2021-21140 2 Google, Microsoft 2 Chrome, Edge 2021-02-25 4.6 MEDIUM 6.8 MEDIUM
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.