CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-39684 269 Exec Code 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A
2 CVE-2021-39683 787 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A
3 CVE-2021-39682 787 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A
4 CVE-2021-39679 362 2022-01-14 2022-01-20
6.9
None Local Medium Not required Complete Complete Complete
In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188745089References: N/A
5 CVE-2021-39678 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A
6 CVE-2021-39655 269 2021-12-15 2021-12-20
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A
7 CVE-2021-39645 269 2021-12-15 2021-12-17
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A
8 CVE-2021-39644 269 2021-12-15 2021-12-17
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A
9 CVE-2021-39641 269 2021-12-15 2021-12-20
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A
10 CVE-2021-39640 787 2021-12-15 2021-12-20
7.2
None Local Low Not required Complete Complete Complete
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A
11 CVE-2021-39639 276 2021-12-15 2021-12-20
7.2
None Local Low Not required Complete Complete Complete
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A
12 CVE-2021-39634 416 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel
13 CVE-2021-39632 787 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709
14 CVE-2021-39630 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292
15 CVE-2021-39629 362 2022-01-14 2022-01-18
6.9
None Local Medium Not required Complete Complete Complete
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344
16 CVE-2021-39627 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549
17 CVE-2021-39626 610 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497
18 CVE-2021-39625 269 +Priv 2022-01-14 2022-01-15
6.9
None Local Medium Not required Complete Complete Complete
In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347
19 CVE-2021-39623 269 2022-01-14 2022-01-15
10.0
None Remote Low Not required Complete Complete Complete
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348
20 CVE-2021-39622 281 Bypass 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648
21 CVE-2021-39621 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319
22 CVE-2021-39620 416 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-203847542
23 CVE-2021-39618 269 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999
24 CVE-2021-38017 863 Bypass 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
25 CVE-2021-38016 863 Bypass 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
26 CVE-2021-38015 20 Bypass 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
27 CVE-2021-38014 787 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28 CVE-2021-38013 787 Overflow 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
29 CVE-2021-38012 843 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
30 CVE-2021-38011 416 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
31 CVE-2021-38008 416 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
32 CVE-2021-38007 843 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
33 CVE-2021-38006 416 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
34 CVE-2021-38005 416 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
35 CVE-2021-38003 787 2021-11-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2021-38002 416 2021-11-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
37 CVE-2021-38001 843 2021-11-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
38 CVE-2021-37998 416 2021-11-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
39 CVE-2021-37997 416 2021-11-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
40 CVE-2021-37993 416 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
41 CVE-2021-37992 125 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
42 CVE-2021-37988 416 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
43 CVE-2021-37987 416 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
44 CVE-2021-37986 787 Overflow 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
45 CVE-2021-37985 416 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
46 CVE-2021-37984 787 Overflow 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
47 CVE-2021-37983 416 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
48 CVE-2021-37982 416 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
49 CVE-2021-37981 787 Overflow 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
50 CVE-2021-37979 787 Overflow 2021-11-02 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
Total number of vulnerabilities : 3540   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.