VYPR

Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2020-0158MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0152MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0151MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0149MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0146MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0145MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0144MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for…

  • CVE-2020-0141MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0135MedJun 11, 2020
    risk 0.29cvss 4.4epss 0.00

    In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0077MedApr 17, 2020
    risk 0.29cvss 4.4epss 0.00

    In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0075MedApr 17, 2020
    risk 0.29cvss 4.4epss 0.00

    In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0068MedApr 17, 2020
    risk 0.29cvss 4.4epss 0.00

    In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android. Versions:…

  • CVE-2020-0067MedApr 17, 2020
    risk 0.29cvss 4.4epss 0.00

    In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions:…

  • CVE-2020-0060MedMar 10, 2020
    risk 0.29cvss 4.4epss 0.00

    In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0058MedMar 10, 2020
    risk 0.29cvss 4.4epss 0.00

    In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0044MedMar 10, 2020
    risk 0.29cvss 4.4epss 0.00

    In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2020-0043MedMar 10, 2020
    risk 0.29cvss 4.4epss 0.00

    In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0042MedMar 10, 2020
    risk 0.29cvss 4.4epss 0.00

    In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-0018MedFeb 13, 2020
    risk 0.29cvss 4.4epss 0.00

    In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0017MedFeb 13, 2020
    risk 0.29cvss 4.4epss 0.00

    In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2231MedDec 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9…

  • CVE-2019-9253MedSep 27, 2019
    risk 0.29cvss 4.4epss 0.00

    In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2019-9453MedSep 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9452MedSep 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9449MedSep 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9445MedSep 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9444MedSep 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9245MedSep 6, 2019
    risk 0.29cvss 4.4epss 0.00

    In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2017-15814MedMar 16, 2018
    risk 0.29cvss 4.4epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is…

  • CVE-2015-8944MedAug 6, 2016
    risk 0.29cvss 5.5epss 0.01

    The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka…

  • CVE-2014-9900MedAug 6, 2016
    risk 0.29cvss 5.5epss 0.01

    The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted…

  • CVE-2014-9895MedAug 6, 2016
    risk 0.29cvss 5.5epss 0.01

    drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka…

  • CVE-2014-9892MedAug 6, 2016
    risk 0.29cvss 5.5epss 0.01

    The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information…

  • CVE-2016-0821MedMar 12, 2016
    risk 0.29cvss 5.5epss 0.00

    The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection…

  • CVE-2026-11695MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11685MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11668MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. (Chromium security severity: High)

  • CVE-2026-11665MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11309MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11302MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11300MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11298MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11294MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11292MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11291MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11286MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11285MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11280MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11277MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11274MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Page 163 of 228