VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2015-6775Dec 6, 2015
    risk 0.00cvss epss 0.02

    fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

  • CVE-2015-6774Dec 6, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted…

  • CVE-2015-6773Dec 6, 2015
    risk 0.00cvss epss 0.02

    The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics…

  • CVE-2015-6772Dec 6, 2015
    risk 0.00cvss epss 0.02

    The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts…

  • CVE-2015-6771Dec 6, 2015
    risk 0.00cvss epss 0.02

    js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via…

  • CVE-2015-6770Dec 6, 2015
    risk 0.00cvss epss 0.02

    The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.

  • CVE-2015-6769Dec 6, 2015
    risk 0.00cvss epss 0.02

    The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.

  • CVE-2015-6768Dec 6, 2015
    risk 0.00cvss epss 0.02

    The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.

  • CVE-2015-6767Dec 6, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer…

  • CVE-2015-6766Dec 6, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with…

  • CVE-2015-6765Dec 6, 2015
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.

  • CVE-2015-8221Nov 17, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow.

  • CVE-2015-1302Nov 11, 2015
    risk 0.00cvss epss 0.02

    The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and…

  • CVE-2015-8096Nov 9, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow.

  • CVE-2015-8074Nov 3, 2015
    risk 0.00cvss epss 0.01

    mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.

  • CVE-2015-8073Nov 3, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.

  • CVE-2015-8072Nov 3, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than…

  • CVE-2015-6614Nov 3, 2015
    risk 0.00cvss epss 0.01

    Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted…

  • CVE-2015-6613Nov 3, 2015
    risk 0.00cvss epss 0.01

    Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.

  • CVE-2015-6612Nov 3, 2015
    risk 0.00cvss epss 0.03

    libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.

  • CVE-2015-6611Nov 3, 2015
    risk 0.00cvss epss 0.01

    mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291,…

  • CVE-2015-6610Nov 3, 2015
    risk 0.00cvss epss 0.01

    libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.

  • CVE-2015-6609Nov 3, 2015
    risk 0.00cvss epss 0.02

    libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.

  • CVE-2015-6608Nov 3, 2015
    risk 0.00cvss epss 0.02

    mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different…

  • CVE-2015-7834Oct 15, 2015
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-6762Oct 15, 2015
    risk 0.00cvss epss 0.02

    The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a…

  • CVE-2015-6761Oct 15, 2015
    risk 0.00cvss epss 0.01

    The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race…

  • CVE-2015-6760Oct 15, 2015
    risk 0.00cvss epss 0.01

    The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have…

  • CVE-2015-6759Oct 15, 2015
    risk 0.00cvss epss 0.01

    The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information…

  • CVE-2015-6758Oct 15, 2015
    risk 0.00cvss epss 0.01

    The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have…

  • CVE-2015-6757Oct 15, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object…

  • CVE-2015-6756Oct 15, 2015
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by…

  • CVE-2015-6755Oct 15, 2015
    risk 0.00cvss epss 0.02

    The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass…

  • CVE-2015-1304Oct 12, 2015
    risk 0.00cvss epss 0.02

    object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

  • CVE-2015-1303Oct 12, 2015
    risk 0.00cvss epss 0.02

    bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document…

  • CVE-2015-7718Oct 6, 2015
    risk 0.00cvss epss 0.00

    mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.

  • CVE-2015-7717Oct 6, 2015
    risk 0.00cvss epss 0.01

    mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.

  • CVE-2015-7716Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.

  • CVE-2015-6607Oct 6, 2015
    risk 0.00cvss epss 0.02

    SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.

  • CVE-2015-6606Oct 6, 2015
    risk 0.00cvss epss 0.01

    The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.

  • CVE-2015-6605Oct 6, 2015
    risk 0.00cvss epss 0.01

    mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.

  • CVE-2015-6604Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.

  • CVE-2015-6603Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.

  • CVE-2015-6601Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.

  • CVE-2015-6600Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.

  • CVE-2015-6599Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.

  • CVE-2015-6598Oct 6, 2015
    risk 0.00cvss epss 0.02

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.

  • CVE-2015-6596Oct 6, 2015
    risk 0.00cvss epss 0.01

    mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.

  • CVE-2015-3879Oct 6, 2015
    risk 0.00cvss epss 0.01

    Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.

  • CVE-2015-3878Oct 6, 2015
    risk 0.00cvss epss 0.01

    Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal…

Page 201 of 227