Filtered by vendor Google
Subscribe
Total
13189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4613 | 2 Google, Microsoft | 2 Web Designer, Windows | 2025-08-01 | N/A | 8.8 HIGH |
| Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template | |||||
| CVE-2025-8292 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-01 | N/A | 8.8 HIGH |
| Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-10026 | 1 Google | 1 Gvisor | 2025-07-31 | N/A | 5.3 MEDIUM |
| A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances. | |||||
| CVE-2025-0649 | 1 Google | 1 Tensorflow Serving | 2025-07-31 | N/A | 7.5 HIGH |
| Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. | |||||
| CVE-2024-9858 | 1 Google | 1 Migrate To Containers | 2025-07-30 | N/A | 7.8 HIGH |
| There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond | |||||
| CVE-2025-0982 | 1 Google | 1 Application Integration | 2025-07-30 | N/A | 10.0 CRITICAL |
| Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed. | |||||
| CVE-2024-8912 | 1 Google | 1 Cloud Looker | 2025-07-30 | N/A | 7.5 HIGH |
| An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+ | |||||
| CVE-2024-11395 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-10604 | 1 Google | 1 Fuchsia | 2025-07-29 | N/A | 5.3 MEDIUM |
| Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances | |||||
| CVE-2024-10603 | 1 Google | 1 Gvisor | 2025-07-29 | N/A | 5.3 MEDIUM |
| Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances. | |||||
| CVE-2025-1079 | 3 Apple, Google, Linux | 3 Macos, Web Designer, Linux Kernel | 2025-07-29 | N/A | 7.8 HIGH |
| Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature | |||||
| CVE-2024-22004 | 1 Google | 6 Nest Wifi Point, Nest Wifi Point Firmware, Nest Wifi Pro and 3 more | 2025-07-24 | N/A | 10.0 CRITICAL |
| Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application | |||||
| CVE-2024-47038 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation. | |||||
| CVE-2024-47039 | 1 Google | 1 Android | 2025-07-24 | N/A | 5.5 MEDIUM |
| In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-47040 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32915 | 1 Google | 1 Android | 2025-07-24 | N/A | 4.3 MEDIUM |
| In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | |||||
| CVE-2024-32916 | 1 Google | 1 Android | 2025-07-24 | N/A | 5.9 MEDIUM |
| In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32917 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.1 HIGH |
| In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-22013 | 1 Google | 6 Nest Wifi Point, Nest Wifi Point Firmware, Nest Wifi Pro and 3 more | 2025-07-24 | N/A | 5.3 MEDIUM |
| U-Boot environment is read from unauthenticated partition. | |||||
| CVE-2024-44097 | 1 Google | 8 Nest Cam \(indoor\, Wired\), Nest Cam \(indoor\, Wired\) Firmware, Nest Cam \(outdoor Or Indoor\, Battery\) and 5 more | 2025-07-24 | N/A | 9.8 CRITICAL |
| According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server." | |||||