VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2020-16027MedJan 8, 2021
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.

  • CVE-2020-27067MedDec 15, 2020
    risk 0.42cvss 6.4epss 0.00

    In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2020-27029MedDec 15, 2020
    risk 0.42cvss 6.5epss 0.01

    In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0491MedDec 15, 2020
    risk 0.42cvss 6.5epss 0.01

    In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0490MedDec 15, 2020
    risk 0.42cvss 6.5epss 0.01

    In floor1_info_unpack of floor1.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0450MedNov 10, 2020
    risk 0.42cvss 6.5epss 0.01

    In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-6557MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2020-15986MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15985MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-15984MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.

  • CVE-2020-15982MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-15981MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-15977MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

  • CVE-2020-15973MedNov 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

  • CVE-2020-0414MedOct 14, 2020
    risk 0.42cvss 6.5epss 0.01

    In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0411MedOct 14, 2020
    risk 0.42cvss 6.5epss 0.01

    In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-6568MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6567MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6566MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-6565MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2020-6564MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

  • CVE-2020-6563MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

  • CVE-2020-6562MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-6561MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-6560MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-6558MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6547MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.

  • CVE-2020-6538MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-0268MedSep 18, 2020
    risk 0.42cvss 6.4epss 0.00

    In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643

  • CVE-2020-0363MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0362MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0358MedSep 17, 2020
    risk 0.42cvss 6.4epss 0.00

    In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563

  • CVE-2020-0353MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0351MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0332MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124783982

  • CVE-2020-0301MedSep 17, 2020
    risk 0.42cvss 6.5epss 0.01

    In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0428MedSep 17, 2020
    risk 0.42cvss 6.4epss 0.00

    In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783

  • CVE-2020-6526MedJul 22, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6521MedJul 22, 2020
    risk 0.42cvss 6.5epss 0.02

    Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6511MedJul 22, 2020
    risk 0.42cvss 6.5epss 0.02

    Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-0211MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0207MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0205MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0196MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.00

    In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User…

  • CVE-2020-0184MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0182MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0180MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0175MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0172MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In Parse_art of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android…

  • CVE-2020-0171MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android…

Page 128 of 229