Filtered by vendor Google
Subscribe
Total
12042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21390 | 1 Google | 1 Android | 2024-09-05 | N/A | 7.8 HIGH |
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-42655 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-09-05 | N/A | 6.7 MEDIUM |
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed | |||||
CVE-2023-32838 | 2 Google, Mediatek | 10 Android, Mt2713, Mt6895 and 7 more | 2024-09-05 | N/A | 6.7 MEDIUM |
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805. | |||||
CVE-2023-32818 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6763 and 8 more | 2024-09-05 | N/A | 6.7 MEDIUM |
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | |||||
CVE-2023-32839 | 2 Google, Mediatek | 8 Android, Mt2713, Mt6895 and 5 more | 2024-09-05 | N/A | 6.7 MEDIUM |
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576. | |||||
CVE-2024-20089 | 4 Google, Linuxfoundation, Mediatek and 1 more | 15 Android, Yocto, Mt6835 and 12 more | 2024-09-05 | N/A | 7.5 HIGH |
In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526. | |||||
CVE-2024-20088 | 2 Google, Mediatek | 29 Android, Mt6765, Mt6768 and 26 more | 2024-09-05 | N/A | 4.4 MEDIUM |
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543. | |||||
CVE-2024-20087 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | N/A | 6.7 MEDIUM |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550. | |||||
CVE-2024-20086 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | N/A | 6.7 MEDIUM |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551. | |||||
CVE-2024-20085 | 5 Google, Linuxfoundation, Mediatek and 2 more | 43 Android, Yocto, Mt6580 and 40 more | 2024-09-05 | N/A | 4.4 MEDIUM |
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560. | |||||
CVE-2024-20084 | 5 Google, Linuxfoundation, Mediatek and 2 more | 43 Android, Yocto, Mt6580 and 40 more | 2024-09-05 | N/A | 4.4 MEDIUM |
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561. | |||||
CVE-2024-8388 | 2 Google, Mozilla | 2 Android, Firefox | 2024-09-04 | N/A | 5.3 MEDIUM |
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130. | |||||
CVE-2024-45045 | 2 Collabora, Google | 2 Online, Android | 2024-09-03 | N/A | 6.1 MEDIUM |
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability. | |||||
CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | N/A | 7.2 HIGH |
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
CVE-2023-22285 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | N/A | 7.5 HIGH |
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2024-8194 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-8193 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-8198 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-38208 | 2 Google, Microsoft | 2 Android, Edge | 2024-08-29 | N/A | 6.1 MEDIUM |
Microsoft Edge for Android Spoofing Vulnerability | |||||
CVE-2024-7965 | 1 Google | 1 Chrome | 2024-08-29 | N/A | 8.8 HIGH |
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |