VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2023-7013MedJul 16, 2024
    risk 0.31cvss 4.7epss 0.00

    Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-4755MedJun 21, 2024
    risk 0.31cvss 4.8epss 0.00

    The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2024-32904MedJun 13, 2024
    risk 0.31cvss 4.7epss 0.00

    In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

  • CVE-2024-32898MedJun 13, 2024
    risk 0.31cvss 4.7epss 0.00

    In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

  • CVE-2024-29778MedJun 13, 2024
    risk 0.31cvss 4.7epss 0.00

    In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for…

  • CVE-2023-21095MedJun 15, 2023
    risk 0.31cvss 4.7epss 0.00

    In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-0045MedApr 25, 2023
    risk 0.31cvss 4.7epss 0.02

    The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is…

  • CVE-2023-21031MedMar 24, 2023
    risk 0.31cvss 4.7epss 0.00

    In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20214MedJan 26, 2023
    risk 0.31cvss 4.7epss 0.00

    In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID:…

  • CVE-2021-0443MedApr 13, 2021
    risk 0.31cvss 4.7epss 0.00

    In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is…

  • CVE-2020-0373MedSep 17, 2020
    risk 0.31cvss 4.7epss 0.00

    In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0008MedJan 8, 2020
    risk 0.31cvss 4.7epss 0.00

    In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2019-2219MedDec 6, 2019
    risk 0.31cvss 4.7epss 0.00

    In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges…

  • CVE-2018-6082MedNov 14, 2018
    risk 0.31cvss 4.7epss 0.01

    Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

  • CVE-2018-12440MedJun 15, 2018
    risk 0.31cvss 4.7epss 0.00

    BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

  • CVE-2017-5065MedOct 27, 2017
    risk 0.31cvss 4.7epss 0.01

    Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.

  • CVE-2017-9676MedSep 21, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

  • CVE-2017-8281MedSep 21, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.

  • CVE-2017-9682MedAug 18, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.

  • CVE-2016-5858MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.01

    In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs.

  • CVE-2016-5855MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.00

    In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough.

  • CVE-2016-5854MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.00

    In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.

  • CVE-2016-5347MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.

  • CVE-2017-0651MedJun 14, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions:…

  • CVE-2017-0650MedJun 14, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0634MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0633MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:…

  • CVE-2017-0632MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0631MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0630MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0629MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0628MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0627MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:…

  • CVE-2017-0603MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.00

    A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4,…

  • CVE-2016-10296MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-10295MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:…

  • CVE-2016-10294MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-10293MedMay 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0586MedApr 7, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0585MedApr 7, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0584MedApr 7, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0330MedApr 5, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0328MedApr 5, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0537MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0536MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0535MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0534MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0533MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0532MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.00

    An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0531MedMar 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

Page 158 of 228