VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2016-3876MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug…

  • CVE-2016-3875MedSep 11, 2016
    risk 0.44cvss 6.8epss 0.00

    server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.

  • CVE-2014-9888HigAug 6, 2016
    risk 0.44cvss 7.8epss 0.00

    arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android…

  • CVE-2014-9870HigAug 6, 2016
    risk 0.44cvss 7.8epss 0.01

    The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9803HigJul 11, 2016
    risk 0.44cvss 7.8epss 0.01

    arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2016-0774MedApr 27, 2016
    risk 0.44cvss 6.8epss 0.00

    The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the…

  • CVE-2026-52906HigJun 9, 2026
    risk 0.43cvss 7.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by…

  • CVE-2026-5892MedApr 8, 2026
    risk 0.43cvss 6.6epss 0.00

    Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-2172MedJun 23, 2025
    risk 0.43cvss epss 0.07

    Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames

  • CVE-2024-56187MedMar 10, 2025
    risk 0.43cvss 6.6epss 0.00

    In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-20941MedApr 19, 2023
    risk 0.43cvss 6.6epss 0.00

    In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-30582MedAug 3, 2021
    risk 0.43cvss 6.5epss 0.05

    Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21141MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.05

    Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

  • CVE-2021-21139MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.05

    Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-21137MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.06

    Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

  • CVE-2021-21136MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.04

    Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21134MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.05

    Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2021-21131MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.08

    Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2021-21130MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.05

    Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2021-21129MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.05

    Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2021-21126MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.09

    Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

  • CVE-2021-21123MedFeb 9, 2021
    risk 0.43cvss 6.5epss 0.10

    Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

  • CVE-2020-6514MedJul 22, 2020
    risk 0.43cvss 6.5epss 0.08

    Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

  • CVE-2019-7090MedMay 24, 2019
    risk 0.43cvss 6.5epss 0.05

    Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful…

  • CVE-2019-5798MedMay 23, 2019
    risk 0.43cvss 6.5epss 0.03

    Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5124MedFeb 7, 2018
    risk 0.43cvss 6.1epss 0.05

    Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.

  • CVE-2015-6643MedJan 6, 2016
    risk 0.43cvss 6.6epss 0.00

    Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.

  • CVE-2026-12026MedJun 11, 2026
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12024MedJun 11, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11658MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11653MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-46306HigJun 8, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE…

  • CVE-2026-11299MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11289MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11288MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11287MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11284MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11283MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11278MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11275MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11271MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11270MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11268MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11263MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11258MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11227MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)

  • CVE-2026-11226MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11225MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)

  • CVE-2026-11223MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11222MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Page 119 of 229