VYPR

Vendor CVEs

Google

All CVEs

11,510 total · sorted by risk
  • CVE-2018-9533HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9532HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9530HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9529HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9528HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9521HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for…

  • CVE-2018-6083HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.

  • CVE-2018-6074HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.

  • CVE-2018-6073HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6072HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-6071HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6067HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6063HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6062HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6060HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6057HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

  • CVE-2018-17474HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17469HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-17466HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.03

    Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-17465HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-9459HigNov 6, 2018
    risk 0.57cvss 8.8epss 0.02

    In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2018-9450HigNov 6, 2018
    risk 0.57cvss 8.8epss 0.03

    In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…

  • CVE-2018-9504HigOct 2, 2018
    risk 0.57cvss 8.8epss 0.01

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2018-6055HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.

  • CVE-2018-6054HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

  • CVE-2018-6043HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.

  • CVE-2018-6035HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

  • CVE-2018-6033HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

  • CVE-2018-6031HigSep 25, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15406HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.01

    A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15413HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15411HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15410HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15409HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15408HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.

  • CVE-2017-15407HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.

  • CVE-2017-13256HigApr 4, 2018
    risk 0.57cvss 8.8epss 0.01

    In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2017-13255HigApr 4, 2018
    risk 0.57cvss 8.8epss 0.01

    In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13230HigFeb 12, 2018
    risk 0.57cvss 8.8epss 0.02

    In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2017-13228HigFeb 12, 2018
    risk 0.57cvss 8.8epss 0.01

    In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2017-5133HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.

  • CVE-2017-5132HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

  • CVE-2017-5131HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.

  • CVE-2017-5130HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

  • CVE-2017-5129HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5128HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.

  • CVE-2017-5127HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5125HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15393HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

  • CVE-2017-15388HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Page 42 of 231