Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 12727 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20950 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028
CVE-2023-20941 1 Google 1 Android 2025-02-05 N/A 6.6 MEDIUM
In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264029575References: Upstream kernel
CVE-2023-20935 1 Google 1 Android 2025-02-05 N/A 5.5 MEDIUM
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256589724
CVE-2023-20909 1 Google 1 Android 2025-02-05 N/A 5.5 MEDIUM
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512
CVE-2023-21098 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867
CVE-2023-21100 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249
CVE-2023-21099 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243377226
CVE-2021-0885 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401914
CVE-2021-0884 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454
CVE-2021-0883 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395013
CVE-2021-0882 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803
CVE-2021-0881 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350
CVE-2023-21097 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325
CVE-2023-21096 1 Google 1 Android 2025-02-05 N/A 9.8 CRITICAL
In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758
CVE-2023-21094 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255
CVE-2023-21093 1 Google 1 Android 2025-02-05 N/A 7.8 HIGH
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832
CVE-2020-15999 6 Debian, Fedoraproject, Freetype and 3 more 6 Debian Linux, Fedora, Freetype and 3 more 2025-02-05 4.3 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-38003 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-05 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-6065 4 Debian, Google, Mi and 1 more 6 Debian Linux, Chrome, Mi6 Browser and 3 more 2025-02-05 6.8 MEDIUM 8.8 HIGH
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3038 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-05 N/A 8.8 HIGH
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.