Filtered by vendor Google
Subscribe
Total
10294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11001 | 1 Google | 1 Android | 2017-09-26 | 4.3 MEDIUM | 5.5 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | |||||
CVE-2017-10996 | 1 Google | 1 Android | 2017-09-26 | 7.1 HIGH | 5.5 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access. | |||||
CVE-2017-9676 | 1 Google | 1 Android | 2017-09-26 | 2.6 LOW | 4.7 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | |||||
CVE-2015-1527 | 1 Google | 1 Android | 2017-09-21 | 4.6 MEDIUM | 7.8 HIGH |
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | |||||
CVE-2015-3828 | 1 Google | 1 Android | 2017-09-20 | 10.0 HIGH | N/A |
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. | |||||
CVE-2015-3829 | 1 Google | 1 Android | 2017-09-20 | 10.0 HIGH | N/A |
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. | |||||
CVE-2014-7912 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2017-09-20 | 6.8 MEDIUM | N/A |
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message. | |||||
CVE-2014-7913 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2017-09-20 | 6.8 MEDIUM | N/A |
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message. | |||||
CVE-2015-1538 | 1 Google | 1 Android | 2017-09-20 | 10.0 HIGH | N/A |
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. | |||||
CVE-2015-3827 | 1 Google | 1 Android | 2017-09-20 | 9.3 HIGH | N/A |
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. | |||||
CVE-2015-3824 | 1 Google | 1 Android | 2017-09-20 | 10.0 HIGH | N/A |
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. | |||||
CVE-2015-3826 | 1 Google | 1 Android | 2017-09-20 | 5.0 MEDIUM | N/A |
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. | |||||
CVE-2015-1539 | 1 Google | 1 Android | 2017-09-20 | 10.0 HIGH | N/A |
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. | |||||
CVE-2013-1489 | 5 Google, Microsoft, Mozilla and 2 more | 6 Chrome, Internet Explorer, Firefox and 3 more | 2017-09-18 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. | |||||
CVE-2013-2268 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2017-09-18 | 7.5 HIGH | N/A |
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue." | |||||
CVE-2013-2849 | 1 Google | 1 Chrome | 2017-09-18 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | |||||
CVE-2013-2858 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2013-2853 | 1 Google | 1 Chrome | 2017-09-18 | 6.8 MEDIUM | N/A |
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation. | |||||
CVE-2013-2859 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | |||||
CVE-2013-2854 | 2 Google, Microsoft | 2 Chrome, Windows | 2017-09-18 | 7.5 HIGH | N/A |
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. |