VYPR

Vendor CVEs

Google

All CVEs

11,337 total · sorted by risk
  • CVE-2024-27204Mar 11, 2024
    risk 0.00cvss epss 0.00

    In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25993Mar 11, 2024
    risk 0.00cvss epss 0.00

    In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25992Mar 11, 2024
    risk 0.00cvss epss 0.00

    In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25991Mar 11, 2024
    risk 0.00cvss epss 0.00

    In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25990Mar 11, 2024
    risk 0.00cvss epss 0.00

    In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25989Mar 11, 2024
    risk 0.00cvss epss 0.00

    In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25988Mar 11, 2024
    risk 0.00cvss epss 0.00

    In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25987Mar 11, 2024
    risk 0.00cvss epss 0.00

    In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25986Mar 11, 2024
    risk 0.00cvss epss 0.00

    In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25985Mar 11, 2024
    risk 0.00cvss epss 0.00

    In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-25984Mar 11, 2024
    risk 0.00cvss epss 0.00

    In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22011Mar 11, 2024
    risk 0.00cvss epss 0.00

    In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22010Mar 11, 2024
    risk 0.00cvss epss 0.00

    In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22009Mar 11, 2024
    risk 0.00cvss epss 0.00

    In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22008Mar 11, 2024
    risk 0.00cvss epss 0.00

    In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22007Mar 11, 2024
    risk 0.00cvss epss 0.00

    In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-22006Mar 11, 2024
    risk 0.00cvss epss 0.00

    OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.

  • CVE-2024-22005Mar 11, 2024
    risk 0.00cvss epss 0.00

    there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-23717Mar 11, 2024
    risk 0.00cvss epss 0.00

    In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2024-0053Mar 11, 2024
    risk 0.00cvss epss 0.00

    In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0052Mar 11, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0051Mar 11, 2024
    risk 0.00cvss epss 0.00

    In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0050Mar 11, 2024
    risk 0.00cvss epss 0.00

    In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0049Mar 11, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0048Mar 11, 2024
    risk 0.00cvss epss 0.00

    In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-0047Mar 11, 2024
    risk 0.00cvss epss 0.00

    In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction…

  • CVE-2024-0046Mar 11, 2024
    risk 0.00cvss epss 0.00

    In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-0045Mar 11, 2024
    risk 0.00cvss epss 0.00

    In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-2176Mar 6, 2024
    risk 0.00cvss epss 0.01

    Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2174Mar 6, 2024
    risk 0.00cvss epss 0.13

    Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2173Mar 6, 2024
    risk 0.00cvss epss 0.14

    Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-1938Feb 29, 2024
    risk 0.00cvss epss 0.01

    Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-1676Feb 21, 2024
    risk 0.00cvss epss 0.19

    Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-1675Feb 21, 2024
    risk 0.00cvss epss 0.10

    Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-1674Feb 21, 2024
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-1673Feb 21, 2024
    risk 0.00cvss epss 0.01

    Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

  • CVE-2024-1672Feb 21, 2024
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-1671Feb 21, 2024
    risk 0.00cvss epss 0.01

    Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-1670Feb 21, 2024
    risk 0.00cvss epss 0.09

    Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-1669Feb 21, 2024
    risk 0.00cvss epss 0.01

    Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-0023Feb 16, 2024
    risk 0.00cvss epss 0.00

    In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0021Feb 16, 2024
    risk 0.00cvss epss 0.00

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-0020Feb 16, 2024
    risk 0.00cvss epss 0.00

    In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed.…

  • CVE-2024-0019Feb 16, 2024
    risk 0.00cvss epss 0.00

    In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User…

  • CVE-2024-0018Feb 16, 2024
    risk 0.00cvss epss 0.00

    In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0017Feb 16, 2024
    risk 0.00cvss epss 0.00

    In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-0016Feb 16, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0015Feb 16, 2024
    risk 0.00cvss epss 0.00

    In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40085Feb 16, 2024
    risk 0.00cvss epss 0.00

    In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21165Feb 16, 2024
    risk 0.00cvss epss 0.00

    In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 198 of 227