VYPR

Vendor CVEs

Google

All CVEs

11,368 total · sorted by risk
  • CVE-2026-11281MedJun 5, 2026
    risk 0.33cvss 5.0epss 0.00

    Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low)

  • CVE-2026-11276MedJun 5, 2026
    risk 0.33cvss 5.1epss 0.00

    Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-9980MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9979MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9942MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9903MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High)

  • CVE-2026-10010MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8009MedMay 6, 2026
    risk 0.33cvss 5.0epss 0.00

    Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-56193MedMay 27, 2025
    risk 0.33cvss 5.1epss 0.00

    There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-56188MedMar 10, 2025
    risk 0.33cvss 5.1epss 0.00

    there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-56186MedMar 10, 2025
    risk 0.33cvss 5.1epss 0.00

    In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-56185MedMar 10, 2025
    risk 0.33cvss 5.1epss 0.00

    In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for…

  • CVE-2024-56184MedMar 10, 2025
    risk 0.33cvss 5.1epss 0.00

    In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-43090MedNov 13, 2024
    risk 0.33cvss 5.0epss 0.00

    In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-47030MedOct 25, 2024
    risk 0.33cvss 5.1epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.

  • CVE-2024-27230MedMar 11, 2024
    risk 0.33cvss 5.1epss 0.00

    In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for…

  • CVE-2024-27223MedMar 11, 2024
    risk 0.33cvss 5.1epss 0.00

    In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed.…

  • CVE-2024-0019MedFeb 16, 2024
    risk 0.33cvss 5.0epss 0.00

    In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User…

  • CVE-2023-21307MedOct 30, 2023
    risk 0.33cvss 5.0epss 0.00

    In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2023-21190MedJun 28, 2023
    risk 0.33cvss 5.0epss 0.00

    In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed.…

  • CVE-2023-21090MedApr 19, 2023
    risk 0.33cvss 5.0epss 0.00

    In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2023-0460MedMar 1, 2023
    risk 0.33cvss 5.1epss 0.00

    The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by…

  • CVE-2022-20521MedDec 16, 2022
    risk 0.33cvss 5.0epss 0.00

    In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2022-20394MedOct 11, 2022
    risk 0.33cvss 5.0epss 0.00

    In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20266MedAug 12, 2022
    risk 0.33cvss 5.0epss 0.00

    In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2022-20196MedJun 15, 2022
    risk 0.33cvss 5.0epss 0.00

    In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…

  • CVE-2022-20195MedJun 15, 2022
    risk 0.33cvss 5.0epss 0.00

    In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-1023MedDec 15, 2021
    risk 0.33cvss 5.0epss 0.00

    In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges…

  • CVE-2021-0952MedDec 15, 2021
    risk 0.33cvss 5.0epss 0.00

    In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2021-0919MedDec 15, 2021
    risk 0.33cvss 5.0epss 0.00

    In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for…

  • CVE-2021-0687MedOct 6, 2021
    risk 0.33cvss 5.0epss 0.00

    In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11…

  • CVE-2021-0569MedJun 22, 2021
    risk 0.33cvss 5.0epss 0.00

    In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0338MedSep 17, 2020
    risk 0.33cvss 5.0epss 0.00

    In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID:…

  • CVE-2020-0092MedMay 14, 2020
    risk 0.33cvss 5.0epss 0.00

    In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2020-0031MedMar 10, 2020
    risk 0.33cvss 5.0epss 0.00

    In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2014-7951MedFeb 20, 2020
    risk 0.33cvss 4.6epss 0.01

    Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.

  • CVE-2019-9239MedSep 27, 2019
    risk 0.33cvss 5.0epss 0.00

    In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487

  • CVE-2019-2040MedApr 19, 2019
    risk 0.33cvss 5.0epss 0.00

    In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2019-2039MedApr 19, 2019
    risk 0.33cvss 5.0epss 0.00

    In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9438MedNov 6, 2018
    risk 0.33cvss 5.0epss 0.00

    When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation.…

  • CVE-2015-8956MedOct 10, 2016
    risk 0.33cvss 6.1epss 0.00

    The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.

  • CVE-2015-6645MedJan 6, 2016
    risk 0.33cvss 5.0epss 0.00

    SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.

  • CVE-2023-48413MedDec 8, 2023
    risk 0.32cvss 4.9epss 0.00

    In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-48397MedDec 8, 2023
    risk 0.32cvss 4.9epss 0.00

    In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2022-20606MedDec 16, 2022
    risk 0.32cvss 4.9epss 0.01

    In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0348MedSep 18, 2020
    risk 0.32cvss 4.9epss 0.01

    In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2016-5696MedAug 6, 2016
    risk 0.32cvss 4.8epss 0.15

    net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

  • CVE-2026-11249MedJun 5, 2026
    risk 0.31cvss 4.7epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11233MedJun 4, 2026
    risk 0.31cvss 4.7epss 0.00

    Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8565MedMay 14, 2026
    risk 0.31cvss 4.7epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Page 157 of 228