Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0808 | 1 Google | 1 Android | 2017-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. | |||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2017-10-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | |||||
| CVE-2002-1443 | 1 Google | 1 Toolbar | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. | |||||
| CVE-2015-1526 | 1 Google | 1 Android | 2017-10-06 | 7.1 HIGH | 5.5 MEDIUM |
| The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | |||||
| CVE-2015-1537 | 1 Google | 1 Android | 2017-10-06 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2016-5853 | 1 Google | 1 Android | 2017-09-29 | 7.6 HIGH | 7.0 HIGH |
| In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | |||||
| CVE-2015-1528 | 1 Google | 1 Android | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. | |||||
| CVE-2015-1474 | 1 Google | 1 Android | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. | |||||
| CVE-2009-1514 | 1 Google | 1 Chrome | 2017-09-29 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | |||||
| CVE-2008-6998 | 1 Google | 1 Chrome | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link. | |||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2017-09-29 | 4.3 MEDIUM | N/A |
| Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. | |||||
| CVE-2008-6995 | 1 Google | 1 Chrome | 2017-09-29 | 4.3 MEDIUM | N/A |
| Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI. | |||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | |||||
| CVE-2016-5868 | 1 Google | 1 Android | 2017-09-28 | 7.6 HIGH | 7.0 HIGH |
| drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | |||||
| CVE-2017-11040 | 1 Google | 1 Android | 2017-09-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. | |||||
| CVE-2017-11001 | 1 Google | 1 Android | 2017-09-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | |||||
| CVE-2017-10996 | 1 Google | 1 Android | 2017-09-26 | 7.1 HIGH | 5.5 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access. | |||||
| CVE-2017-9676 | 1 Google | 1 Android | 2017-09-26 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | |||||
| CVE-2015-1527 | 1 Google | 1 Android | 2017-09-21 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | |||||
| CVE-2015-3829 | 1 Google | 1 Android | 2017-09-21 | 10.0 HIGH | N/A |
| Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. | |||||