Filtered by vendor Google
Subscribe
Total
13686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46707 | 3 Google, Imaginationtech, Linux | 3 Android, Ddk, Linux Kernel | 2025-10-21 | N/A | 5.2 MEDIUM |
| Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU. | |||||
| CVE-2025-46708 | 3 Google, Imaginationtech, Linux | 3 Android, Ddk, Linux Kernel | 2025-10-21 | N/A | 4.3 MEDIUM |
| Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU. | |||||
| CVE-2022-20360 | 1 Google | 1 Android | 2025-10-20 | N/A | 7.8 HIGH |
| In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987 | |||||
| CVE-2022-20350 | 1 Google | 1 Android | 2025-10-20 | N/A | 5.5 MEDIUM |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437 | |||||
| CVE-2022-20347 | 1 Google | 1 Android | 2025-10-20 | N/A | 8.8 HIGH |
| In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811 | |||||
| CVE-2022-20346 | 1 Google | 1 Android | 2025-10-20 | N/A | 6.5 MEDIUM |
| In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-230493653 | |||||
| CVE-2022-20345 | 1 Google | 1 Android | 2025-10-20 | N/A | 8.8 HIGH |
| In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481 | |||||
| CVE-2022-20239 | 1 Google | 1 Android | 2025-10-20 | N/A | 9.8 CRITICAL |
| remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | |||||
| CVE-2025-20721 | 2 Google, Mediatek | 15 Android, Iot Yocto, Mt6886 and 12 more | 2025-10-15 | N/A | 7.8 HIGH |
| In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279. | |||||
| CVE-2025-20722 | 4 Google, Mediatek, Openwrt and 1 more | 19 Android, Mt6835, Mt6878 and 16 more | 2025-10-15 | N/A | 5.5 MEDIUM |
| In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798. | |||||
| CVE-2025-20723 | 2 Google, Mediatek | 15 Android, Mt6835, Mt6878 and 12 more | 2025-10-15 | N/A | 7.8 HIGH |
| In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797. | |||||
| CVE-2024-20854 | 2 Google, Samsung | 2 Android, Camera | 2025-10-10 | N/A | 5.9 MEDIUM |
| Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data. | |||||
| CVE-2025-1122 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | N/A | 6.7 MEDIUM |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | |||||
| CVE-2025-1292 | 1 Google | 2 Chrome, Chrome Os | 2025-10-06 | N/A | 6.7 MEDIUM |
| Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | |||||
| CVE-2025-55556 | 1 Google | 1 Tensorflow | 2025-10-03 | N/A | 6.5 MEDIUM |
| TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. | |||||
| CVE-2025-55559 | 1 Google | 1 Tensorflow | 2025-10-03 | N/A | 7.5 HIGH |
| An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. | |||||
| CVE-2025-6044 | 1 Google | 1 Chrome Os | 2025-10-03 | N/A | 6.1 MEDIUM |
| An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. | |||||
| CVE-2025-2509 | 1 Google | 1 Chrome Os | 2025-10-03 | N/A | 7.8 HIGH |
| Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description. | |||||
| CVE-2025-20926 | 2 Google, Samsung | 2 Android, Myfiles | 2025-10-03 | N/A | 5.5 MEDIUM |
| Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. | |||||
| CVE-2025-21024 | 1 Google | 1 Android | 2025-10-02 | N/A | 3.3 LOW |
| Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | |||||