VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2021-38009MedDec 23, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-39642MedDec 15, 2021
    risk 0.42cvss 6.4epss 0.00

    In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0993MedDec 15, 2021
    risk 0.42cvss 6.5epss 0.01

    In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0976MedDec 15, 2021
    risk 0.42cvss 6.5epss 0.01

    In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android…

  • CVE-2021-0971MedDec 15, 2021
    risk 0.42cvss 6.5epss 0.01

    In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-0969MedDec 15, 2021
    risk 0.42cvss 6.5epss 0.01

    In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0964MedDec 15, 2021
    risk 0.42cvss 6.5epss 0.01

    In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-0650MedDec 15, 2021
    risk 0.42cvss 6.5epss 0.01

    In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-16048MedNov 2, 2021
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.

  • CVE-2018-6125MedNov 2, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

  • CVE-2021-37995MedNov 2, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2021-37994MedNov 2, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-37989MedNov 2, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.

  • CVE-2021-0582MedAug 17, 2021
    risk 0.42cvss 6.5epss 0.00

    In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0578MedAug 17, 2021
    risk 0.42cvss 6.5epss 0.00

    In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-30584MedAug 3, 2021
    risk 0.42cvss 6.5epss 0.02

    Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2021-30583MedAug 3, 2021
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-30580MedAug 3, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.

  • CVE-2021-0551MedJun 22, 2021
    risk 0.42cvss 6.5epss 0.01

    In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0559MedJun 22, 2021
    risk 0.42cvss 6.5epss 0.01

    In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0504MedJun 21, 2021
    risk 0.42cvss 6.5epss 0.00

    In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-30540MedJun 7, 2021
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2021-30534MedJun 7, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-30531MedJun 7, 2021
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2021-21229MedApr 30, 2021
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2021-21222MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

  • CVE-2021-21221MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.02

    Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21212MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.02

    Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

  • CVE-2021-21211MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21210MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.

  • CVE-2021-21209MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21208MedApr 26, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.

  • CVE-2021-0387MedMar 10, 2021
    risk 0.42cvss 6.4epss 0.00

    In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0379MedMar 10, 2021
    risk 0.42cvss 6.5epss 0.01

    In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0368MedMar 10, 2021
    risk 0.42cvss 6.5epss 0.01

    In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-21182MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

  • CVE-2021-21181MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2021-21178MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2021-21176MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2021-21175MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21173MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21171MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2021-21170MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2021-21168MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2021-21164MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2021-21163MedMar 9, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.

  • CVE-2021-0401MedFeb 26, 2021
    risk 0.42cvss 6.4epss 0.00

    In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID:…

  • CVE-2021-21133MedFeb 9, 2021
    risk 0.42cvss 6.5epss 0.03

    Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-16042MedJan 8, 2021
    risk 0.42cvss 6.5epss 0.01

    Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-16036MedJan 8, 2021
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.

Page 127 of 229