Filtered by vendor Google
Subscribe
Total
10294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39782 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015 | |||||
| CVE-2021-39747 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Settings Provider, there is a possible way to list values of non-readable global settings due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208268457 | |||||
| CVE-2021-39745 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-206127671 | |||||
| CVE-2021-39783 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597 | |||||
| CVE-2021-39744 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136 | |||||
| CVE-2021-39784 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477 | |||||
| CVE-2021-39787 | 1 Google | 1 Android | 2022-04-05 | 9.3 HIGH | 7.8 HIGH |
| In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934 | |||||
| CVE-2021-39786 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247 | |||||
| CVE-2021-39741 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-173567719 | |||||
| CVE-2021-39739 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 3.3 LOW |
| In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194 | |||||
| CVE-2021-39740 | 1 Google | 1 Android | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
| In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112 | |||||
| CVE-2021-0675 | 2 Google, Mediatek | 57 Android, Mt6570, Mt6580 and 54 more | 2022-04-01 | 7.2 HIGH | 7.8 HIGH |
| In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258. | |||||
| CVE-2021-0904 | 2 Google, Mediatek | 5 Android, Mt6771, Mt8183 and 2 more | 2022-04-01 | 7.2 HIGH | 6.7 MEDIUM |
| In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. | |||||
| CVE-2021-0672 | 2 Google, Mediatek | 64 Android, Mt6731, Mt6732 and 61 more | 2022-04-01 | 2.1 LOW | 5.5 MEDIUM |
| In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035 | |||||
| CVE-2022-0290 | 1 Google | 1 Chrome | 2022-04-01 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2019-13745 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-13764 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6404 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6398 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2020-6397 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||