Filtered by vendor Google
Subscribe
Total
10107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13749 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Iphone Os, Debian Linux, Fedora and 5 more | 2023-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2019-13754 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2019-13750 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||||
CVE-2019-13725 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-03 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
CVE-2019-13744 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2019-13746 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2019-13748 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2022-32628 | 2 Google, Mediatek | 8 Android, Mt6833, Mt6853 and 5 more | 2023-02-03 | N/A | 6.7 MEDIUM |
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780. | |||||
CVE-2022-32629 | 2 Google, Mediatek | 8 Android, Mt6833, Mt6853 and 5 more | 2023-02-03 | N/A | 6.7 MEDIUM |
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALPS07310774. | |||||
CVE-2021-39653 | 1 Google | 1 Android | 2023-02-03 | 4.6 MEDIUM | 7.8 HIGH |
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A | |||||
CVE-2016-1014 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more | 2023-02-03 | 6.9 MEDIUM | 7.3 HIGH |
Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | |||||
CVE-2020-0305 | 2 Google, Opensuse | 2 Android, Leap | 2023-02-03 | 4.4 MEDIUM | 6.4 MEDIUM |
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 | |||||
CVE-2012-4563 | 1 Google | 1 Web Toolkit | 2023-02-02 | 4.3 MEDIUM | N/A |
CVE-2012-4563 GWT: unknown XSS flaw | |||||
CVE-2016-0728 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2023-02-02 | 7.2 HIGH | 7.8 HIGH |
A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. | |||||
CVE-2013-4204 | 1 Google | 1 Web Toolkit | 2023-02-02 | 4.3 MEDIUM | N/A |
CVE-2013-4204 GWT: reflected XSS in HTML files used by GWTTestCase | |||||
CVE-2023-20913 | 1 Google | 1 Android | 2023-02-02 | N/A | 7.8 HIGH |
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785 | |||||
CVE-2023-20912 | 1 Google | 1 Android | 2023-02-02 | N/A | 7.8 HIGH |
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995 | |||||
CVE-2023-20923 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A | |||||
CVE-2023-20924 | 1 Google | 1 Android | 2023-02-01 | N/A | 6.8 MEDIUM |
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A | |||||
CVE-2023-20925 | 1 Google | 1 Android | 2023-02-01 | N/A | 7.8 HIGH |
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A |