VYPR

Vendor CVEs

Google

All CVEs

11,510 total · sorted by risk
  • CVE-2017-15387HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.

  • CVE-2017-13176HigJan 12, 2018
    risk 0.57cvss 8.8epss 0.01

    In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is…

  • CVE-2017-14879HigJan 10, 2018
    risk 0.57cvss 8.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned…

  • CVE-2015-1290HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.03

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

  • CVE-2017-13151HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.

  • CVE-2017-0878HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.

  • CVE-2017-0877HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.

  • CVE-2017-0876HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.

  • CVE-2017-0872HigDec 6, 2017
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.

  • CVE-2017-5122HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.

  • CVE-2017-5114HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5113HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5111HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5108HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

  • CVE-2017-5100HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5099HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.

  • CVE-2017-5097HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5095HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

  • CVE-2017-5092HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2017-5091HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5088HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

  • CVE-2017-5087HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.

  • CVE-2017-5080HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5078HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters…

  • CVE-2017-5077HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5073HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5064HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5063HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5062HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

  • CVE-2017-5059HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

  • CVE-2017-5058HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2017-5057HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2017-5056HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5055HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5054HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

  • CVE-2017-5052HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.

  • CVE-2017-14496HigOct 3, 2017
    risk 0.57cvss 7.5epss 0.66

    Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

  • CVE-2017-0782HigSep 14, 2017
    risk 0.57cvss 8.8epss 0.02

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.

  • CVE-2017-0791HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.

  • CVE-2017-0790HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101.

  • CVE-2017-0789HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102.

  • CVE-2017-0788HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103.

  • CVE-2017-0787HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104.

  • CVE-2017-0786HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.

  • CVE-2017-0784HigSep 8, 2017
    risk 0.57cvss 8.8epss 0.00

    A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.

  • CVE-2017-6421HigAug 16, 2017
    risk 0.57cvss 8.8epss 0.01

    In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

  • CVE-2016-5861HigAug 16, 2017
    risk 0.57cvss 8.8epss 0.00

    In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.

  • CVE-2016-5177HigMay 23, 2017
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

  • CVE-2017-5051HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5050HigApr 25, 2017
    risk 0.57cvss 8.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

Page 43 of 231