Filtered by vendor Google
Subscriptions
Total
13525 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25990 | 1 Google | 1 Android | 2025-04-16 | 6.4 Medium |
| In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27210 | 1 Google | 1 Android | 2025-04-16 | 7.8 High |
| In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27224 | 1 Google | 1 Android | 2025-04-16 | 7.8 High |
| In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | 4.3 Medium |
| Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | ||||
| CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | 8.8 High |
| When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | ||||
| CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | 6.1 Medium |
| When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. | ||||
| CVE-2022-34469 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | 8.8 High |
| When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102. | ||||
| CVE-2022-36317 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | 6.5 Medium |
| When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. | ||||
| CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | 6.1 Medium |
| Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. | ||||
| CVE-2022-45412 | 5 Apple, Google, Linux and 2 more | 11 Macos, Android, Linux Kernel and 8 more | 2025-04-15 | 8.8 High |
| When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-40961 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | 6.5 Medium |
| During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105. | ||||
| CVE-2025-20661 | 2 Google, Mediatek | 2 Android, Mt9972 | 2025-04-14 | 6.7 Medium |
| In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185. | ||||
| CVE-2025-20662 | 2 Google, Mediatek | 2 Android, Mt9972 | 2025-04-14 | 6.7 Medium |
| In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184. | ||||
| CVE-2015-6619 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. | ||||
| CVE-2015-6596 | 1 Google | 1 Android | 2025-04-12 | N/A |
| mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | ||||
| CVE-2011-1793 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer." | ||||
| CVE-2015-8943 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. | ||||
| CVE-2015-8939 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. | ||||
| CVE-2015-8938 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. | ||||
| CVE-2015-8937 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. | ||||