Filtered by vendor Google Subscriptions
Total 12502 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20093 2 Google, Mediatek 17 Android, Mt6761, Mt6765 and 14 more 2024-10-27 4.4 Medium
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699.
CVE-2024-20091 2 Google, Mediatek 17 Android, Mt6761, Mt6765 and 14 more 2024-10-27 4.4 Medium
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701.
CVE-2024-20085 5 Google, Linuxfoundation, Mediatek and 2 more 43 Android, Yocto, Mt6580 and 40 more 2024-10-27 4.4 Medium
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
CVE-2024-20084 5 Google, Linuxfoundation, Mediatek and 2 more 43 Android, Yocto, Mt6580 and 40 more 2024-10-27 4.4 Medium
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
CVE-2024-47014 1 Google 1 Android 2024-10-25 8.8 High
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.
CVE-2024-47013 1 Google 1 Android 2024-10-25 7.8 High
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-44098 1 Google 2 Android, Pixel 2024-10-25 7.4 High
In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47016 1 Google 1 Android 2024-10-25 7.8 High
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-7973 1 Google 1 Chrome 2024-10-24 8.8 High
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)
CVE-2024-7535 1 Google 1 Chrome 2024-10-24 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9954 1 Google 1 Chrome 2024-10-22 8.8 High
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9965 2 Google, Microsoft 2 Chrome, Windows 2024-10-22 8.8 High
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-9964 1 Google 1 Chrome 2024-10-17 4.3 Medium
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-9966 1 Google 1 Chrome 2024-10-17 5.3 Medium
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-9963 1 Google 1 Chrome 2024-10-17 4.3 Medium
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-9962 1 Google 1 Chrome 2024-10-17 4.3 Medium
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-9958 1 Google 1 Chrome 2024-10-17 4.3 Medium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-39440 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-10-17 6.2 Medium
In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.
CVE-2024-39439 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-10-17 6.2 Medium
In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2024-39438 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-10-17 6.5 Medium
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.