Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 11875 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11278 1 Google 1 Android 2023-12-10 6.6 MEDIUM 7.1 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
CVE-2018-15981 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-6064 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-13889 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed
CVE-2018-11893 1 Google 1 Android 2023-12-10 4.6 MEDIUM 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is greater than maximum can lead to a buffer overflow.
CVE-2018-17475 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2018-6109 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
CVE-2018-18348 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-11919 1 Google 1 Android 2023-12-10 4.6 MEDIUM 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure.
CVE-2018-11962 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
CVE-2018-6110 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 5.8 MEDIUM 5.4 MEDIUM
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
CVE-2018-11963 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.
CVE-2018-6166 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-18342 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-17457 1 Google 1 Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-9501 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419
CVE-2018-9523 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604
CVE-2019-5759 5 Apple, Debian, Fedoraproject and 2 more 8 Macos, Debian Linux, Fedora and 5 more 2023-12-10 6.8 MEDIUM 9.6 CRITICAL
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2019-5775 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18354 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.