VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2017-0878HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.

  • CVE-2017-0877HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.

  • CVE-2017-0876HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.

  • CVE-2017-0872HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.

  • CVE-2017-5122HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.

  • CVE-2017-5114HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5113HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5111HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5108HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

  • CVE-2017-5100HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5099HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.

  • CVE-2017-5097HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5095HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

  • CVE-2017-5092HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2017-5091HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5088HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

  • CVE-2017-5087HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.

  • CVE-2017-5080HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5078HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters…

  • CVE-2017-5077HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5073HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5064HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5063HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5062HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

  • CVE-2017-5059HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

  • CVE-2017-5058HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2017-5057HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2017-5056HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5055HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5054HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

  • CVE-2017-5052HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.

  • CVE-2017-14496HigOct 3, 2017
    risk 0.57cvss 7.5epss 0.66

    Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

  • CVE-2017-0782HigSep 14, 2017
    risk 0.57cvss 8.8epss 0.02

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.

  • CVE-2017-0791HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.

  • CVE-2017-0790HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101.

  • CVE-2017-0789HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102.

  • CVE-2017-0788HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103.

  • CVE-2017-0787HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104.

  • CVE-2017-0786HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.

  • CVE-2017-0784HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.

  • CVE-2017-6421HigAug 16, 2017
    risk 0.57cvss 8.8epss 0.01

    In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

  • CVE-2016-5861HigAug 16, 2017
    risk 0.57cvss 8.8epss 0.00

    In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.

  • CVE-2016-5177HigMay 23, 2017
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

  • CVE-2017-5051HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5050HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5049HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5048HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5047HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5043HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5034HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Page 17 of 227