Filtered by vendor Google
Subscriptions
Total
12103 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-48406 | 1 Google | 1 Android | 2024-08-28 | 6.7 Medium |
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-2625 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-28 | 8.8 High |
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-48420 | 1 Google | 1 Android | 2024-08-28 | 6.4 Medium |
there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-08-27 | 6.5 Medium |
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | ||||
CVE-2024-8033 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-27 | 4.3 Medium |
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2024-39427 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-27 | 5.1 Medium |
In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
CVE-2024-39430 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-08-27 | 5.1 Medium |
In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | ||||
CVE-2024-39429 | 2 Google, Unisoc | 10 Android, Sc7731e, Sc9832e and 7 more | 2024-08-27 | 5.1 Medium |
In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | ||||
CVE-2024-39428 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-27 | 6.8 Medium |
In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
CVE-2024-34741 | 1 Google | 1 Android | 2024-08-27 | 7.8 High |
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-7968 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-7967 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-7966 | 1 Google | 1 Chrome | 2024-08-27 | 8.8 High |
Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-7964 | 1 Google | 2 Android, Chrome | 2024-08-27 | 8.8 High |
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-34743 | 1 Google | 1 Android | 2024-08-27 | 7.8 High |
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | 7.3 High |
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||||
CVE-2024-7979 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | 7 High |
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||||
CVE-2024-7973 | 1 Google | 1 Chrome | 2024-08-26 | 8.8 High |
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) | ||||
CVE-2024-7972 | 1 Google | 1 Chrome | 2024-08-26 | 8.1 High |
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-7977 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-22 | 7.8 High |
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) |