VYPR

Vendor CVEs

Google

All CVEs

11,415 total · sorted by risk
  • CVE-2020-0170MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In IMY_Event of eas_imelody.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android…

  • CVE-2020-0169MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android…

  • CVE-2020-0162MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0161MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0127MedJun 11, 2020
    risk 0.42cvss 6.5epss 0.01

    In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0126MedJun 11, 2020
    risk 0.42cvss 6.4epss 0.00

    In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:…

  • CVE-2020-6503MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6502MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-6501MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-6500MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2020-6499MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.

  • CVE-2020-6498MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2020-6497MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.

  • CVE-2020-6495MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

  • CVE-2020-6494MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2011-2863MedJun 3, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6491MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.

  • CVE-2020-6487MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6486MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6485MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6484MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.

  • CVE-2020-6483MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-6482MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2020-6481MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.

  • CVE-2020-6480MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.

  • CVE-2020-6479MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-6478MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-6476MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2020-6475MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-6473MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6472MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.

  • CVE-2020-6460MedMay 21, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.

  • CVE-2020-6456MedApr 13, 2020
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.

  • CVE-2020-6446MedApr 13, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-6445MedApr 13, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-6426MedMar 23, 2020
    risk 0.42cvss 6.5epss 0.03

    Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-0088MedMar 15, 2020
    risk 0.42cvss 6.5epss 0.01

    In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2020-0066MedMar 10, 2020
    risk 0.42cvss 6.4epss 0.00

    In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:…

  • CVE-2020-0049MedMar 10, 2020
    risk 0.42cvss 6.5epss 0.01

    In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0045MedMar 10, 2020
    risk 0.42cvss 6.4epss 0.00

    In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0021MedFeb 13, 2020
    risk 0.42cvss 6.5epss 0.01

    In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for…

  • CVE-2020-6408MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.

  • CVE-2020-6405MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.03

    Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6401MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2020-6400MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-6399MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2020-6397MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.

  • CVE-2020-6395MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6393MedFeb 11, 2020
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2010-3917MedFeb 6, 2020
    risk 0.42cvss 6.5epss 0.01

    Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.

Page 129 of 229