Filtered by vendor Google
Subscribe
Total
10294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0218 | 1 Google | 1 Android | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905 | |||||
| CVE-2019-9372 | 1 Google | 1 Android | 2021-07-21 | 7.1 HIGH | 6.5 MEDIUM |
| In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448 | |||||
| CVE-2020-0421 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161894517 | |||||
| CVE-2019-9402 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115372550 | |||||
| CVE-2019-20776 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019). | |||||
| CVE-2020-0500 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913391 | |||||
| CVE-2019-2213 | 1 Google | 1 Android | 2021-07-21 | 6.9 MEDIUM | 7.4 HIGH |
| In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133758011References: Upstream kernel | |||||
| CVE-2020-10836 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020). | |||||
| CVE-2020-6503 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15584 | 1 Google | 1 Android | 2021-07-21 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020). | |||||
| CVE-2020-0019 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798 | |||||
| CVE-2020-0207 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135532289 | |||||
| CVE-2020-6474 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6543 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-27029 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875 | |||||
| CVE-2020-6553 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-0023 | 1 Google | 1 Android | 2021-07-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871 | |||||
| CVE-2020-13843 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | |||||
| CVE-2020-10853 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020). | |||||
| CVE-2020-0097 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 | |||||