Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15355 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30919 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30918 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30917 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 7.8 HIGH
In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-30916 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 7.8 HIGH
In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-30915 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30914 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30913 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30866 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30865 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30864 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 7.8 HIGH
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-30863 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 7.8 HIGH
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-30845 1 Google 1 Espv2 2026-06-17 N/A 8.2 HIGH
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability. Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.
CVE-2023-30730 2 Google, Samsung 2 Android, Camera 2026-06-17 N/A 3.3 LOW
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file.
CVE-2023-30678 2 Google, Samsung 2 Android, Calendar 2026-06-17 N/A 5.1 MEDIUM
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.
CVE-2023-2976 1 Google 1 Guava 2026-06-17 N/A 5.5 MEDIUM
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CVE-2023-2941 1 Google 1 Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2023-2940 1 Google 1 Chrome 2026-06-17 N/A 6.5 MEDIUM
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2939 2 Google, Microsoft 2 Chrome, Windows 2026-06-17 N/A 7.8 HIGH
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
CVE-2023-2938 1 Google 1 Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2937 1 Google 1 Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)