VYPR

Vendor CVEs

Google

All CVEs

11,353 total · sorted by risk
  • CVE-2024-34729Nov 13, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34719Nov 13, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31337Nov 13, 2024
    risk 0.00cvss epss 0.00

    In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23715Nov 13, 2024
    risk 0.00cvss epss 0.00

    In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35686Nov 13, 2024
    risk 0.00cvss epss 0.00

    In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35659Nov 13, 2024
    risk 0.00cvss epss 0.00

    In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-11117Nov 12, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-11116Nov 12, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-11115Nov 12, 2024
    risk 0.00cvss epss 0.00

    Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)

  • CVE-2024-11114Nov 12, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-11113Nov 12, 2024
    risk 0.00cvss epss 0.00

    Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-11112Nov 12, 2024
    risk 0.00cvss epss 0.00

    Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-11111Nov 12, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-11110Nov 12, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-10668Nov 7, 2024
    risk 0.00cvss epss 0.00

    There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame…

  • CVE-2024-10827Nov 6, 2024
    risk 0.00cvss epss 0.01

    Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10826Nov 6, 2024
    risk 0.00cvss epss 0.01

    Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10488Oct 29, 2024
    risk 0.00cvss epss 0.01

    Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10487Oct 29, 2024
    risk 0.00cvss epss 0.01

    Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2024-47041Oct 25, 2024
    risk 0.00cvss epss 0.00

    In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47035Oct 25, 2024
    risk 0.00cvss epss 0.00

    In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-47034Oct 25, 2024
    risk 0.00cvss epss 0.00

    there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47033Oct 25, 2024
    risk 0.00cvss epss 0.00

    In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47031Oct 25, 2024
    risk 0.00cvss epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.

  • CVE-2024-47030Oct 25, 2024
    risk 0.00cvss epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.

  • CVE-2024-47029Oct 25, 2024
    risk 0.00cvss epss 0.00

    In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2024-47028Oct 25, 2024
    risk 0.00cvss epss 0.00

    In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47027Oct 25, 2024
    risk 0.00cvss epss 0.00

    In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-47026Oct 25, 2024
    risk 0.00cvss epss 0.00

    In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47025Oct 25, 2024
    risk 0.00cvss epss 0.00

    In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47024Oct 25, 2024
    risk 0.00cvss epss 0.00

    In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47023Oct 25, 2024
    risk 0.00cvss epss 0.00

    there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47022Oct 25, 2024
    risk 0.00cvss epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.

  • CVE-2024-47021Oct 25, 2024
    risk 0.00cvss epss 0.00

    In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47020Oct 25, 2024
    risk 0.00cvss epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.

  • CVE-2024-47019Oct 25, 2024
    risk 0.00cvss epss 0.00

    In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

  • CVE-2024-47018Oct 25, 2024
    risk 0.00cvss epss 0.00

    In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47017Oct 25, 2024
    risk 0.00cvss epss 0.00

    In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47016Oct 25, 2024
    risk 0.00cvss epss 0.00

    there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47015Oct 25, 2024
    risk 0.00cvss epss 0.00

    In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for…

  • CVE-2024-47014Oct 25, 2024
    risk 0.00cvss epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.

  • CVE-2024-47013Oct 25, 2024
    risk 0.00cvss epss 0.00

    In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-47012Oct 25, 2024
    risk 0.00cvss epss 0.00

    In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-44101Oct 25, 2024
    risk 0.00cvss epss 0.00

    there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-44100Oct 25, 2024
    risk 0.00cvss epss 0.00

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.

  • CVE-2024-44099Oct 25, 2024
    risk 0.00cvss epss 0.00

    There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-44098Oct 25, 2024
    risk 0.00cvss epss 0.00

    In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-10231Oct 22, 2024
    risk 0.00cvss epss 0.00

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10230Oct 22, 2024
    risk 0.00cvss epss 0.01

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10229Oct 22, 2024
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)

Page 190 of 228