VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2024-0031Feb 16, 2024
    risk 0.00cvss epss 0.01

    In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0030Feb 16, 2024
    risk 0.00cvss epss 0.00

    In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0029Feb 16, 2024
    risk 0.00cvss epss 0.00

    In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-0014Feb 16, 2024
    risk 0.00cvss epss 0.00

    In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40122Feb 16, 2024
    risk 0.00cvss epss 0.00

    In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40093Feb 16, 2024
    risk 0.00cvss epss 0.00

    In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40124Feb 15, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40115Feb 15, 2024
    risk 0.00cvss epss 0.00

    In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40114Feb 15, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40113Feb 15, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40112Feb 15, 2024
    risk 0.00cvss epss 0.00

    In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed…

  • CVE-2023-40111Feb 15, 2024
    risk 0.00cvss epss 0.00

    In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…

  • CVE-2023-40110Feb 15, 2024
    risk 0.00cvss epss 0.00

    In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40109Feb 15, 2024
    risk 0.00cvss epss 0.00

    In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2023-40107Feb 15, 2024
    risk 0.00cvss epss 0.00

    In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40106Feb 15, 2024
    risk 0.00cvss epss 0.00

    In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2023-40105Feb 15, 2024
    risk 0.00cvss epss 0.00

    In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40104Feb 15, 2024
    risk 0.00cvss epss 0.00

    In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40100Feb 15, 2024
    risk 0.00cvss epss 0.00

    In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-45149MedOct 16, 2023
    risk 0.00cvss 4.3epss 0.00

    Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is…

  • CVE-2023-30845HigApr 26, 2023
    risk 0.00cvss 8.2epss 0.01

    ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT…

  • CVE-2023-30540LowApr 17, 2023
    risk 0.00cvss 3.5epss 0.01

    Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in…

  • CVE-2023-28845LowMar 31, 2023
    risk 0.00cvss 3.5epss 0.00

    Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation,…

  • CVE-2022-20409MedOct 11, 2022
    risk 0.00cvss 6.7epss 0.01

    In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2022-39212MedSep 17, 2022
    risk 0.00cvss 4.3epss 0.01

    Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is…

  • CVE-2022-35932LowAug 12, 2022
    risk 0.00cvss 3.5epss 0.01

    Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk…

  • CVE-2022-24890LowMay 17, 2022
    risk 0.00cvss 2.4epss 0.01

    Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5…

  • CVE-2022-24887MedApr 27, 2022
    risk 0.00cvss 4.3epss 0.01

    Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs.…

  • CVE-2021-22572MedMar 29, 2022
    risk 0.00cvss 5.5epss 0.00

    On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is…

  • CVE-2021-22571MedMar 18, 2022
    risk 0.00cvss 5.5epss 0.00

    A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.

  • CVE-2021-41180MedMar 8, 2022
    risk 0.00cvss 4.7epss 0.01

    Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user…

  • CVE-2021-22552MedAug 2, 2021
    risk 0.00cvss 5.3epss 0.00

    An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We…

  • CVE-2021-22550MedJun 8, 2021
    risk 0.00cvss 6.5epss 0.00

    An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c

  • CVE-2021-22549MedJun 8, 2021
    risk 0.00cvss 6.5epss 0.00

    An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

  • CVE-2021-22548MedJun 8, 2021
    risk 0.00cvss 6.5epss 0.00

    An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past…

  • CVE-2021-22547MedMay 4, 2021
    risk 0.00cvss 6.3epss 0.00

    In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We…

  • CVE-2020-8944MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses…

  • CVE-2020-8943MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory…

  • CVE-2020-8942MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations…

  • CVE-2020-8941MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations…

  • CVE-2020-8940MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the…

  • CVE-2020-8939MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

  • CVE-2020-8938MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend…

  • CVE-2020-8937MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an…

  • CVE-2020-8936MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave…

  • CVE-2020-8935MedDec 15, 2020
    risk 0.00cvss 5.3epss 0.00

    An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.

  • CVE-2020-8905LowAug 12, 2020
    risk 0.00cvss 2.8epss 0.00

    A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different…

  • CVE-2020-8904MedAug 12, 2020
    risk 0.00cvss 6.4epss 0.00

    An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary…

  • CVE-2020-6506MedJul 22, 2020
    risk 0.00cvss 6.5epss 0.04

    Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2020-8933HigJun 22, 2020
    risk 0.00cvss 7.8epss 0.00

    A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and…

Page 199 of 227