VYPR

Vendor CVEs

Google

All CVEs

11,415 total · sorted by risk
  • CVE-2018-6075MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.

  • CVE-2018-6069MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.02

    Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6066MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.03

    Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-17468MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

  • CVE-2018-9510MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9509MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9508MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9507MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2018-9506MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9505MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-9502MedOct 2, 2018
    risk 0.42cvss 6.5epss 0.01

    In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-6119MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-6050MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-6049MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.

  • CVE-2018-6045MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

  • CVE-2018-6040MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.

  • CVE-2018-6038MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6037MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.

  • CVE-2018-6036MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.

  • CVE-2018-6032MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

  • CVE-2017-15396MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15426MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15425MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15424MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15422MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15420MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15419MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.

  • CVE-2017-15416MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.

  • CVE-2017-15415MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.

  • CVE-2017-13257MedApr 4, 2018
    risk 0.42cvss 6.5epss 0.01

    In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2017-9681MedMar 30, 2018
    risk 0.42cvss 6.5epss 0.00

    In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set…

  • CVE-2017-13235MedFeb 12, 2018
    risk 0.42cvss 6.5epss 0.00

    A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.

  • CVE-2017-13234MedFeb 12, 2018
    risk 0.42cvss 6.5epss 0.01

    In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1,…

  • CVE-2017-13233MedFeb 12, 2018
    risk 0.42cvss 6.5epss 0.01

    In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0,…

  • CVE-2017-15395MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

  • CVE-2017-15394MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.02

    Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.

  • CVE-2017-15391MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.

  • CVE-2017-15390MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15389MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15386MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-13148MedDec 6, 2017
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533.

  • CVE-2017-0880MedDec 6, 2017
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012.

  • CVE-2017-0874MedDec 6, 2017
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.

  • CVE-2017-0873MedDec 6, 2017
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.

  • CVE-2017-5120MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words,…

  • CVE-2017-5117MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5110MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

  • CVE-2017-5106MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5105MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5104MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

Page 135 of 229