Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32620 | 2 Google, Mediatek | 9 Android, Mt6781, Mt6789 and 6 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. | |||||
| CVE-2022-32626 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6765 and 22 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239. | |||||
| CVE-2022-32625 | 2 Google, Mediatek | 26 Android, Mt6761, Mt6765 and 23 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. | |||||
| CVE-2022-32596 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. | |||||
| CVE-2022-32597 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. | |||||
| CVE-2022-32598 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. | |||||
| CVE-2022-32619 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. | |||||
| CVE-2022-32594 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207. | |||||
| CVE-2022-4262 | 1 Google | 1 Chrome | 2022-12-05 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-20421 | 2 Debian, Google | 2 Debian Linux, Android | 2022-12-03 | N/A | 7.8 HIGH |
| In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel | |||||
| CVE-2022-3373 | 1 Google | 1 Chrome | 2022-12-03 | N/A | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3370 | 1 Google | 1 Chrome | 2022-12-03 | N/A | 8.8 HIGH |
| Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2022-11-29 | 4.3 MEDIUM | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
| CVE-2022-25647 | 4 Debian, Google, Netapp and 1 more | 6 Debian Linux, Gson, Active Iq Unified Manager and 3 more | 2022-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | |||||
| CVE-2022-41883 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41885 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41911 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41908 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41907 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41900 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 9.8 CRITICAL |
| TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. | |||||