VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2016-2500 · Med · Jun 13, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.

  • CVE-2016-2499 · Med · Jun 13, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug…

  • CVE-2016-2498 · Med · Jun 13, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.

  • CVE-2016-2495 · Med · Jun 13, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.

  • CVE-2016-2460 · Med · May 9, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and…

  • CVE-2016-2459 · Med · May 9, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and…

  • CVE-2016-2458 · Med · May 9, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and…

  • CVE-2016-2457 · Med · May 9, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.

  • CVE-2016-2454 · Med · May 9, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.

  • CVE-2016-2427 · Med · Apr 18, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application,…

  • CVE-2016-2426 · Med · Apr 18, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted…

  • CVE-2016-2425 · Med · Apr 18, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs…

  • CVE-2016-2424 · Med · Apr 18, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted…

  • CVE-2016-2415 · Med · Apr 18, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to…

  • CVE-2016-0831 · Med · Mar 12, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted…

  • CVE-2026-11701 · Med · Jun 9, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11666 · Med · Jun 9, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11243 · Med · Jun 5, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11232 · Med · Jun 4, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-11157 · Med · Jun 4, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-10984 · Med · Jun 4, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9971 · Med · May 28, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8561 · Med · May 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8539 · Med · May 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8019 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8015 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8012 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8008 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-8006 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-8003 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-7998 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7962 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-7958 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-7950 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-7939 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7935 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7931 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5895 · Med · Apr 8, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)

  • CVE-2025-6557 · Med · Jun 24, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-6556 · Med · Jun 24, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-6555 · Med · Jun 24, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-5981 · Med · Jun 18, 2025
    risk 0.35 · cvss 6.5 · epss 0.00

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

  • CVE-2025-5283 · Med · May 27, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-5281 · Med · May 27, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-5067 · Med · May 27, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-5064 · Med · May 27, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-3074 · Med · Apr 2, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3073 · Med · Apr 2, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3072 · Med · Apr 2, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-3071 · Med · Apr 2, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
