VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2024-3175Jul 16, 2024
    risk 0.00cvss epss 0.00

    Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2024-3174Jul 16, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3173Jul 16, 2024
    risk 0.00cvss epss 0.00

    Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2024-3172Jul 16, 2024
    risk 0.00cvss epss 0.00

    Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3171Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

  • CVE-2024-3170Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3169Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3168Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2884Jul 16, 2024
    risk 0.00cvss epss 0.00

    Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-7013Jul 16, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-7011Jul 16, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6779Jul 16, 2024
    risk 0.00cvss epss 0.01

    Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6777Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-6776Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6775Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6774Jul 16, 2024
    risk 0.00cvss epss 0.00

    Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6773Jul 16, 2024
    risk 0.00cvss epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6772Jul 16, 2024
    risk 0.00cvss epss 0.01

    Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-34726Jul 9, 2024
    risk 0.00cvss epss 0.00

    In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34725Jul 9, 2024
    risk 0.00cvss epss 0.00

    In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34724Jul 9, 2024
    risk 0.00cvss epss 0.00

    In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-34723Jul 9, 2024
    risk 0.00cvss epss 0.00

    In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…

  • CVE-2024-34722Jul 9, 2024
    risk 0.00cvss epss 0.00

    In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-34721Jul 9, 2024
    risk 0.00cvss epss 0.00

    In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-34720Jul 9, 2024
    risk 0.00cvss epss 0.00

    In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local…

  • CVE-2024-31339Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31335Jul 9, 2024
    risk 0.00cvss epss 0.00

    In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-31334Jul 9, 2024
    risk 0.00cvss epss 0.00

    In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-31332Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-31331Jul 9, 2024
    risk 0.00cvss epss 0.00

    In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-31320Jul 9, 2024
    risk 0.00cvss epss 0.00

    In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2024-31327Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31326Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31325Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31324Jul 9, 2024
    risk 0.00cvss epss 0.00

    In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User…

  • CVE-2024-31323Jul 9, 2024
    risk 0.00cvss epss 0.00

    In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31322Jul 9, 2024
    risk 0.00cvss epss 0.00

    In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution…

  • CVE-2024-31319Jul 9, 2024
    risk 0.00cvss epss 0.00

    In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-31318Jul 9, 2024
    risk 0.00cvss epss 0.00

    In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

  • CVE-2024-31316Jul 9, 2024
    risk 0.00cvss epss 0.00

    In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-31315Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-31314Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31313Jul 9, 2024
    risk 0.00cvss epss 0.00

    In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31312Jul 9, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31311Jul 9, 2024
    risk 0.00cvss epss 0.00

    In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-31310Jul 9, 2024
    risk 0.00cvss epss 0.00

    In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-23711Jul 9, 2024
    risk 0.00cvss epss 0.00

    In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-23698Jul 9, 2024
    risk 0.00cvss epss 0.00

    In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23697Jul 9, 2024
    risk 0.00cvss epss 0.00

    In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23696Jul 9, 2024
    risk 0.00cvss epss 0.00

    In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 193 of 227