Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
7841 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20635 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2024-08-02 | 4.4 Medium |
| In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028. | ||||
| CVE-2023-6870 | 2 Google, Mozilla | 3 Android, Firefox, Firefox Focus | 2024-08-02 | 4.3 Medium |
| Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. | ||||
| CVE-2023-6868 | 2 Google, Mozilla | 2 Android, Firefox | 2024-08-02 | 4.3 Medium |
| In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | ||||
| CVE-2023-6857 | 6 Apple, Debian, Google and 3 more | 12 Macos, Debian Linux, Android and 9 more | 2024-08-02 | 5.3 Medium |
| When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | ||||
| CVE-2023-4907 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-4903 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4900 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4361 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 5.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4350 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 6.5 Medium |
| Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-4363 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-3736 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-2722 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 8.8 High |
| Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-2463 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-2467 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-2312 | 1 Google | 2 Android, Chrome | 2024-08-02 | 8.8 High |
| Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-1223 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
| Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-1230 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-1228 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-1234 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-1231 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) | ||||