Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33890 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33901 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33900 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33898 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33897 | 2 Google, Unisoc | 14 Android, S8006, Sc7731e and 11 more | 2023-07-18 | N/A | 4.4 MEDIUM |
| In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2023-33896 | 2 Google, Unisoc | 14 Android, S8005, Sc7731e and 11 more | 2023-07-18 | N/A | 4.4 MEDIUM |
| In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2023-33902 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33895 | 2 Google, Unisoc | 14 Android, S8004, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30921 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30919 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30920 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-07-18 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-27575 | 1 Google | 1 Android | 2023-07-18 | 4.3 MEDIUM | 3.3 LOW |
| Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | |||||
| CVE-2022-39886 | 1 Google | 1 Android | 2023-07-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | |||||
| CVE-2022-39885 | 1 Google | 1 Android | 2023-07-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | |||||
| CVE-2022-39887 | 1 Google | 1 Android | 2023-07-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | |||||
| CVE-2022-39883 | 1 Google | 1 Android | 2023-07-14 | N/A | 7.8 HIGH |
| Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | |||||
| CVE-2020-8934 | 1 Google | 1 Site Kit | 2023-07-14 | N/A | 4.3 MEDIUM |
| The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access obtaining owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above. | |||||
| CVE-2022-23583 | 1 Google | 1 Tensorflow | 2023-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23580 | 1 Google | 1 Tensorflow | 2023-07-13 | 5.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23572 | 1 Google | 1 Tensorflow | 2023-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. | |||||