VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2016-2434HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.01

    The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.

  • CVE-2016-2432HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.

  • CVE-2016-2431HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.02

    The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

  • CVE-2016-2430HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.00

    libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.

  • CVE-2016-2060HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.00

    server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access…

  • CVE-2016-2062HigMay 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type,…

  • CVE-2016-2422HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…

  • CVE-2016-2420HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.

  • CVE-2016-2413HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or…

  • CVE-2016-2412HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by…

  • CVE-2016-0836HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.

  • CVE-2016-0827HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to…

  • CVE-2016-0826HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.01

    libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly…

  • CVE-2016-0820HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.

  • CVE-2016-0819HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.

  • CVE-2016-0810HigFeb 7, 2016
    risk 0.51cvss 7.8epss 0.00

    media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or…

  • CVE-2015-6647HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.

  • CVE-2015-6640HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption)…

  • CVE-2015-6638HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.00

    The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.

  • CVE-2015-6637HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.

  • CVE-2010-4040HigOct 21, 2010
    risk 0.51cvss 7.8epss 0.01

    Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

  • CVE-2026-11297HigJun 5, 2026
    risk 0.50cvss 7.7epss 0.00

    Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)

  • CVE-2026-4092HigMar 13, 2026
    risk 0.50cvss 8.8epss 0.00

    Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.

  • CVE-2024-40676HigJan 28, 2025
    risk 0.50cvss 7.7epss 0.00

    In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-29753HigApr 5, 2024
    risk 0.50cvss 7.7epss 0.00

    In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29743HigApr 5, 2024
    risk 0.50cvss 7.7epss 0.00

    In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-27211HigMar 11, 2024
    risk 0.50cvss 7.7epss 0.00

    In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2022-3842HigJan 2, 2023
    risk 0.50cvss 7.5epss 0.18

    Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2020-6555HigSep 21, 2020
    risk 0.50cvss 7.6epss 0.02

    Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2016-5139HigAug 7, 2016
    risk 0.50cvss 7.6epss 0.01

    Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG…

  • CVE-2016-1709HigJul 23, 2016
    risk 0.50cvss 8.8epss 0.01

    Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.

  • CVE-2016-3765HigJul 11, 2016
    risk 0.50cvss 7.7epss 0.00

    decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.

  • CVE-2026-1220HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11694HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11690HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11667HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11644HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)

  • CVE-2026-11641HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11639HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11636HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11632HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-11296HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11265HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11255HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11242HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11239HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11154HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11151HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11149HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11058HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Page 95 of 229