Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1773 | 5 Canonical, Fedoraproject, Google and 2 more | 5 Ubuntu Linux, Fedora, Chrome and 2 more | 2020-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. | |||||
| CVE-2020-8904 | 1 Google | 1 Asylo | 2020-08-13 | 5.5 MEDIUM | 9.6 CRITICAL |
| An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later. | |||||
| CVE-2020-8905 | 1 Google | 1 Asylo | 2020-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later. | |||||
| CVE-2020-15650 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. | |||||
| CVE-2020-15649 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. | |||||
| CVE-2020-15647 | 2 Google, Mozilla | 2 Android, Firefox | 2020-08-12 | 5.0 MEDIUM | 7.4 HIGH |
| A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android. | |||||
| CVE-2020-0238 | 1 Google | 1 Android | 2020-08-12 | 6.9 MEDIUM | 7.0 HIGH |
| In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634 | |||||
| CVE-2020-0240 | 1 Google | 1 Android | 2020-08-12 | 9.3 HIGH | 8.8 HIGH |
| In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594 | |||||
| CVE-2020-0254 | 1 Google | 1 Android | 2020-08-12 | 7.8 HIGH | 7.5 HIGH |
| There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751 | |||||
| CVE-2020-0251 | 1 Google | 1 Android | 2020-08-12 | 7.8 HIGH | 7.5 HIGH |
| There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626 | |||||
| CVE-2010-2646 | 1 Google | 1 Chrome | 2020-08-11 | 9.3 HIGH | N/A |
| Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-2645 | 1 Google | 1 Chrome | 2020-08-10 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors. | |||||
| CVE-2010-2647 | 2 Canonical, Google | 2 Ubuntu Linux, Chrome | 2020-08-10 | 9.3 HIGH | N/A |
| Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document. | |||||
| CVE-2010-2652 | 1 Google | 1 Chrome | 2020-08-07 | 5.0 MEDIUM | N/A |
| Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2010-2648 | 3 Canonical, Google, Opensuse | 3 Ubuntu Linux, Chrome, Opensuse | 2020-08-07 | 9.3 HIGH | N/A |
| The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-2649 | 1 Google | 1 Chrome | 2020-08-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image. | |||||
| CVE-2010-2651 | 1 Google | 1 Chrome | 2020-08-07 | 9.3 HIGH | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-2650 | 1 Google | 1 Chrome | 2020-08-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." | |||||
| CVE-2010-1770 | 6 Apple, Canonical, Google and 3 more | 12 Mac Os X, Mac Os X Server, Safari and 9 more | 2020-08-07 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | |||||
| CVE-2010-2110 | 1 Google | 1 Chrome | 2020-08-06 | 7.5 HIGH | N/A |
| Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. | |||||