Filtered by vendor Google
Subscribe
Total
11891 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7632 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property. | |||||
| CVE-2015-1302 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. | |||||
| CVE-2015-6629 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | N/A |
| Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. | |||||
| CVE-2015-6612 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | N/A |
| libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. | |||||
| CVE-2015-7641 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. | |||||
| CVE-2015-6641 | 1 Google | 1 Android | 2023-12-10 | 2.9 LOW | 3.1 LOW |
| Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | |||||
| CVE-2016-2491 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408. | |||||
| CVE-2016-3905 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449. | |||||
| CVE-2016-5175 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-1266 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
| content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. | |||||
| CVE-2015-8417 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2023-12-10 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. | |||||
| CVE-2015-6777 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions. | |||||
| CVE-2014-9866 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. | |||||
| CVE-2015-7626 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. | |||||
| CVE-2016-4139 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-0963 | 6 Adobe, Apple, Google and 3 more | 15 Air, Air Desktop Runtime, Air Sdk and 12 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. | |||||
| CVE-2016-4144 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-3932 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870. | |||||
| CVE-2015-3100 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-2415 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
| exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455. | |||||