Filtered by vendor Google
Subscribe
Total
11892 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-13169 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. | |||||
CVE-2017-0675 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. | |||||
CVE-2017-0869 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869. | |||||
CVE-2017-13176 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964. | |||||
CVE-2017-13191 | 1 Google | 1 Android | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403. | |||||
CVE-2017-0682 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422. | |||||
CVE-2017-9679 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. | |||||
CVE-2015-8594 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. | |||||
CVE-2017-0722 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827. | |||||
CVE-2017-5052 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | |||||
CVE-2017-0728 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 7.8 HIGH |
A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795. | |||||
CVE-2015-3839 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | |||||
CVE-2015-9063 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | |||||
CVE-2017-5111 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | |||||
CVE-2017-3742 | 3 Google, Lenovo, Microsoft | 3 Android, Connect2, Windows | 2023-12-10 | 2.3 LOW | 4.8 MEDIUM |
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | |||||
CVE-2017-0636 | 1 Google | 1 Android | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263. | |||||
CVE-2017-3114 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||
CVE-2017-16905 | 2 Duolingo, Google | 2 Tinycards, Android | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | |||||
CVE-2017-5063 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2017-0857 | 1 Google | 1 Android | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. |