Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40120 | 1 Google | 1 Android | 2023-10-30 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40117 | 1 Google | 1 Android | 2023-10-30 | N/A | 7.8 HIGH |
| In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40116 | 1 Google | 1 Android | 2023-10-30 | N/A | 7.8 HIGH |
| In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-0705 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 7.5 HIGH |
| Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0927 | 1 Google | 2 Android, Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0928 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0696 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0698 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0699 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | |||||
| CVE-2023-0700 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0701 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) | |||||
| CVE-2023-0702 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0703 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 8.8 HIGH |
| Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | |||||
| CVE-2023-0704 | 1 Google | 1 Chrome | 2023-10-26 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2023-10-26 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2019-10379 | 1 Google | 1 Cloud Messaging Notification | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10365 | 1 Google | 1 Kubernetes Engine | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | |||||
| CVE-2023-35663 | 1 Google | 1 Android | 2023-10-25 | N/A | 7.5 HIGH |
| In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35656 | 1 Google | 1 Android | 2023-10-25 | N/A | 7.5 HIGH |
| In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-23374 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2023-10-24 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||