Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1149 | 1 Google | 1 Android | 2023-11-07 | 7.2 HIGH | N/A |
| Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK. | |||||
| CVE-2011-0480 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2023-11-07 | 9.3 HIGH | N/A |
| Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. | |||||
| CVE-2010-4832 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. | |||||
| CVE-2010-1205 | 10 Apple, Canonical, Debian and 7 more | 17 Iphone Os, Itunes, Mac Os X and 14 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |||||
| CVE-2009-3698 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656. | |||||
| CVE-2009-2348 | 1 Google | 1 Android | 2023-11-07 | 6.9 MEDIUM | N/A |
| Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | |||||
| CVE-2009-2999 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656. | |||||
| CVE-2009-1754 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
| CVE-2006-6223 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2023-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | |||||
| CVE-2023-40101 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21393 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21398 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21392 | 1 Google | 1 Android | 2023-11-07 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21388 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21391 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.5 HIGH |
| In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21389 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21336 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21344 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21333 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21387 | 1 Google | 1 Android | 2023-11-07 | N/A | 4.4 MEDIUM |
| In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||