Total
8405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20002 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 | |||||
CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-1636 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-1635 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. | |||||
CVE-2022-1634 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. | |||||
CVE-2022-1495 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. | |||||
CVE-2022-1307 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-1130 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 8.1 HIGH |
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. | |||||
CVE-2022-1129 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0972 | 3 Apple, Google, Linux | 4 Macos, Android, Chrome and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0971 | 3 Apple, Google, Linux | 4 Macos, Android, Chrome and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0804 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0802 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0455 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0300 | 1 Google | 2 Android, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-43849 | 3 Apple, Cordova Plugin Fingerprint All-in-one Project, Google | 3 Iphone Os, Cordova Plugin Fingerprint All-in-one, Android | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. | |||||
CVE-2021-43544 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. | |||||
CVE-2021-43530 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. | |||||
CVE-2021-43191 | 3 Apple, Google, Jetbrains | 3 Iphone Os, Android, Youtrack Mobile | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. | |||||
CVE-2021-43190 | 2 Google, Jetbrains | 2 Android, Youtrack Mobile | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. |