Filtered by vendor Google
Subscriptions
Total
12088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-3748 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2024-09-16 | N/A |
| On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). | ||||
| CVE-2017-13211 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158. | ||||
| CVE-2017-13281 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262. | ||||
| CVE-2017-13225 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789. | ||||
| CVE-2011-2344 | 1 Google | 1 Android | 2024-09-16 | N/A |
| Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. | ||||
| CVE-2017-0880 | 1 Google | 1 Android | 2024-09-16 | N/A |
| A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012. | ||||
| CVE-2017-6296 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-09-16 | N/A |
| NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. | ||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2024-09-16 | N/A |
| Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2015-9072 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | ||||
| CVE-2017-13272 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137. | ||||
| CVE-2017-11024 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition. | ||||
| CVE-2018-3597 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. | ||||
| CVE-2019-1987 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775. | ||||
| CVE-2017-14897 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space. | ||||
| CVE-2014-9956 | 1 Google | 1 Android | 2024-09-16 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. | ||||
| CVE-2018-3596 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. | ||||
| CVE-2022-25328 | 1 Google | 1 Fscrypt | 2024-09-16 | 5 Medium |
| The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above | ||||
| CVE-2017-13177 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413. | ||||
| CVE-2017-0843 | 1 Google | 1 Android | 2024-09-16 | N/A |
| An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488. | ||||
| CVE-2018-9446 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. | ||||