VYPR

Vendor CVEs

Google

All CVEs

11,474 total · sorted by risk
  • CVE-2018-17479HigJun 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17478HigJun 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-16070HigJun 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-2018HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-110172241

  • CVE-2019-2003HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2016HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2015HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2014HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2013HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2012HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2009HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2005HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In onPermissionGrantResult of GrantPermissionsActivity.java, there is a possible incorrectly granted permission due to a missing permission check. This could lead to local escalation of privilege on a locked device with no additional execution privileges needed. User interaction…

  • CVE-2019-1990HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-1989HigJun 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2102HigJun 7, 2019
    risk 0.57cvss 8.8epss 0.00

    In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly…

  • CVE-2019-2093HigJun 7, 2019
    risk 0.57cvss 8.8epss 0.01

    In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9.…

  • CVE-2019-5795HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

  • CVE-2019-5792HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

  • CVE-2019-5791HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.02

    Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2019-5790HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.02

    An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2019-5787HigMay 23, 2019
    risk 0.57cvss 8.8epss 0.02

    Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-2044HigMay 8, 2019
    risk 0.57cvss 8.8epss 0.01

    In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for…

  • CVE-2019-2029HigApr 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0…

  • CVE-2019-2028HigApr 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1…

  • CVE-2019-2027HigApr 19, 2019
    risk 0.57cvss 8.8epss 0.01

    In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0…

  • CVE-2019-1994HigFeb 28, 2019
    risk 0.57cvss 8.8epss 0.01

    In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for…

  • CVE-2019-1991HigFeb 28, 2019
    risk 0.57cvss 8.8epss 0.02

    In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0…

  • CVE-2019-1988HigFeb 28, 2019
    risk 0.57cvss 8.8epss 0.02

    In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2019-1986HigFeb 28, 2019
    risk 0.57cvss 8.8epss 0.01

    In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation.…

  • CVE-2019-5783HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.01

    Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

  • CVE-2019-5774HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

  • CVE-2019-5772HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-5771HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2019-5770HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2019-5769HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5764HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5763HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5762HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

  • CVE-2019-5761HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5760HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5758HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5757HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2019-5756HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

  • CVE-2018-6174HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-6170HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-6162HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6153HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6151HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.

  • CVE-2018-6144HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.

  • CVE-2018-6141HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.

Page 40 of 230