Filtered by vendor Google
Subscribe
Total
12629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39121 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-14 | N/A | 5.5 MEDIUM |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2025-20665 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6761 and 50 more | 2025-05-12 | N/A | 5.5 MEDIUM |
| In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760. | |||||
| CVE-2016-2427 | 2 Bouncycastle, Google | 2 Bc-java, Android | 2025-05-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed." | |||||
| CVE-2024-20012 | 2 Google, Mediatek | 51 Android, Mt6580, Mt6731 and 48 more | 2025-05-09 | N/A | 6.7 MEDIUM |
| In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | |||||
| CVE-2024-22012 | 1 Google | 1 Android | 2025-05-08 | N/A | 7.8 HIGH |
| there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-1059 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-08 | N/A | 8.8 HIGH |
| Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-20671 | 2 Google, Mediatek | 11 Android, Mt2718, Mt6878 and 8 more | 2025-05-07 | N/A | 7.0 HIGH |
| In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228. | |||||
| CVE-2025-20668 | 2 Google, Mediatek | 8 Android, Mt6878, Mt6897 and 5 more | 2025-05-07 | N/A | 7.8 HIGH |
| In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027. | |||||
| CVE-2022-3304 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 8.8 HIGH |
| Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3308 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 7.4 HIGH |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3307 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3306 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | N/A | 8.8 HIGH |
| Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3305 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | N/A | 8.8 HIGH |
| Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3314 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3313 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3312 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 4.6 MEDIUM |
| Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium) | |||||
| CVE-2022-3310 | 1 Google | 2 Android, Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium) | |||||
| CVE-2022-3309 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | N/A | 6.5 MEDIUM |
| Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-52342 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | N/A | 7.5 HIGH |
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-52343 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | N/A | 5.5 MEDIUM |
| In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed | |||||