Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12026 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-5274 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-27 N/A 9.6 CRITICAL
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2024-7971 1 Google 1 Chrome 2024-11-27 N/A 9.6 CRITICAL
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-52536 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-27 N/A 4.4 MEDIUM
In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-52352 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-27 N/A 5.5 MEDIUM
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
CVE-2023-52350 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-27 N/A 4.4 MEDIUM
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-52349 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-27 N/A 4.4 MEDIUM
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-33905 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-27 N/A 4.4 MEDIUM
In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2023-40122 1 Google 1 Android 2024-11-26 N/A 3.3 LOW
In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0029 1 Google 1 Android 2024-11-26 N/A 7.8 HIGH
In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0019 1 Google 1 Android 2024-11-26 N/A 5.0 MEDIUM
In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-0053 1 Google 1 Android 2024-11-26 N/A 3.3 LOW
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0039 1 Google 1 Android 2024-11-26 N/A 9.8 CRITICAL
In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-7013 1 Google 1 Chrome 2024-11-25 N/A 4.7 MEDIUM
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-34742 1 Google 1 Android 2024-11-25 N/A 5.5 MEDIUM
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-0022 1 Google 1 Android 2024-11-25 N/A 5.5 MEDIUM
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-11026 2 Free-now, Google 2 Freenow, Android 2024-11-23 2.6 LOW 3.7 LOW
A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2018-9411 1 Google 1 Android 2024-11-22 N/A 8.8 HIGH
In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2018-9410 1 Google 1 Android 2024-11-22 N/A 5.5 MEDIUM
In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9417 1 Google 1 Android 2024-11-22 N/A 7.8 HIGH
In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9419 1 Google 1 Android 2024-11-22 N/A 7.5 HIGH
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.