Filtered by vendor Google
Subscriptions
Total
13909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6743 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30937462. | ||||
| CVE-2016-6741 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554. | ||||
| CVE-2016-6740 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307. | ||||
| CVE-2016-6749 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30228438. References: Qualcomm QC-CR#1052818. | ||||
| CVE-2016-6747 | 1 Google | 1 Android | 2025-04-12 | N/A |
| A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747. | ||||
| CVE-2016-6717 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239. | ||||
| CVE-2016-6715 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954. | ||||
| CVE-2014-7900 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | ||||
| CVE-2014-7908 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. | ||||
| CVE-2014-7911 | 1 Google | 1 Android | 2025-04-12 | N/A |
| luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | ||||
| CVE-2014-7912 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2025-04-12 | N/A |
| The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message. | ||||
| CVE-2014-7922 | 1 Google | 1 Play Services Sdk | 2025-04-12 | N/A |
| The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument. | ||||
| CVE-2014-7941 | 4 Chromium, Google, Opensuse and 1 more | 8 Chromium, Chrome, Opensuse and 5 more | 2025-04-12 | N/A |
| The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. | ||||
| CVE-2014-7944 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | ||||
| CVE-2014-7946 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation. | ||||
| CVE-2014-7948 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate. | ||||
| CVE-2014-9647 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. | ||||
| CVE-2014-9648 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. | ||||
| CVE-2014-9801 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078. | ||||
| CVE-2014-9864 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | ||||