CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2020-0451 787 Exec Code Overflow 2020-11-10 2020-11-10
9.3
None Remote Medium Not required Complete Complete Complete
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825
52 CVE-2020-0449 416 Exec Code Mem. Corr. 2020-11-10 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143
53 CVE-2020-0416 1188 2020-10-14 2020-10-16
9.3
None Remote Medium Not required Complete Complete Complete
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585
54 CVE-2020-0387 269 2020-09-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804
55 CVE-2020-0380 787 Exec Code 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146398979
56 CVE-2020-0376 125 2020-10-14 2020-10-15
9.4
None Remote Low Not required Complete None Complete
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156
57 CVE-2020-0371 125 2020-10-14 2020-10-15
9.4
None Remote Low Not required Complete None Complete
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256
58 CVE-2020-0367 787 2020-10-14 2020-10-15
9.4
None Remote Low Not required None Complete Complete
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455
59 CVE-2020-0342 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812576
60 CVE-2020-0339 125 2020-10-14 2020-10-15
9.4
None Remote Low Not required Complete None Complete
There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705
61 CVE-2020-0283 787 2020-10-14 2020-10-15
9.4
None Remote Low Not required None Complete Complete
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257
62 CVE-2020-0278 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-160812574
63 CVE-2020-0267 610 2020-09-17 2020-09-23
9.3
None Remote Medium Not required Complete Complete Complete
In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app instead of the one the user intended, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139128211
64 CVE-2020-0253 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365
65 CVE-2020-0252 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803
66 CVE-2020-0245 787 Exec Code Overflow 2020-09-17 2020-09-23
9.3
None Remote Medium Not required Complete Complete Complete
In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149
67 CVE-2020-0240 787 Exec Code Overflow 2020-08-11 2020-08-12
9.3
None Remote Medium Not required Complete Complete Complete
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594
68 CVE-2020-0229 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725
69 CVE-2020-0225 787 Exec Code 2020-07-17 2020-07-22
10.0
None Remote Low Not required Complete Complete Complete
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
70 CVE-2020-0224 843 Exec Code 2020-07-17 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838
71 CVE-2020-0123 787 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-149871374
72 CVE-2020-0117 190 Exec Code Overflow 2020-06-10 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194
73 CVE-2020-0103 119 Exec Code Overflow Mem. Corr. 2020-05-14 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188
74 CVE-2020-0099 269 2020-12-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510
75 CVE-2020-0080 269 2020-04-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144092031
76 CVE-2020-0073 787 Exec Code 2020-04-17 2020-04-22
10.0
None Remote Low Not required Complete Complete Complete
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147309942
77 CVE-2020-0072 787 Exec Code 2020-04-17 2020-04-22
10.0
None Remote Low Not required Complete Complete Complete
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310271
78 CVE-2020-0071 787 Exec Code 2020-04-17 2020-04-21
10.0
None Remote Low Not required Complete Complete Complete
In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310721
79 CVE-2020-0070 787 Exec Code 2020-04-17 2020-04-21
10.0
None Remote Low Not required Complete Complete Complete
In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148159613
80 CVE-2020-0032 787 Exec Code Overflow 2020-03-10 2020-03-11
9.3
None Remote Medium Not required Complete Complete Complete
In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-145364230
81 CVE-2020-0002 787 Exec Code 2020-01-08 2022-01-01
9.3
None Remote Medium Not required Complete Complete Complete
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711
82 CVE-2019-1010200 78 Exec Code 2019-07-23 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as the servers. The component is: Two web servers in the projects expose three vulnerable endpoints that can be accessed remotely. The endpoints are defined at: - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/merlin_model_server/api.js#L34 - /alignment: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L28 - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L65. The attack vector is: Attacker sends a GET request to the vulnerable endpoint with a specially formatted query parameter. The fixed version is: After commit f6660e6d8f0d1d931359d591dbdec580fef36d36.
83 CVE-2019-20622 787 Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019).
84 CVE-2019-20621 787 Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).
85 CVE-2019-20611 787 Exec Code Overflow 2020-03-24 2020-03-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).
86 CVE-2019-20605 787 Overflow 2020-03-24 2020-03-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A heap overflow occurs for baseband in the Shannon modem. The Samsung ID is SVE-2019-14071 (May 2019).
87 CVE-2019-20589 843 Exec Code 2020-03-24 2020-03-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019).
88 CVE-2019-20588 843 Exec Code 2020-03-24 2020-03-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14891 (August 2019).
89 CVE-2019-20587 843 Exec Code 2020-03-24 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019).
90 CVE-2019-20586 843 Exec Code 2020-03-24 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019).
91 CVE-2019-20585 843 Exec Code 2020-03-24 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019).
92 CVE-2019-20584 843 Exec Code 2020-03-24 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019).
93 CVE-2019-20583 843 Exec Code 2020-03-24 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019).
94 CVE-2019-20567 787 Exec Code Overflow 2020-03-24 2020-03-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2019-14993 (September 2019).
95 CVE-2019-20545 120 Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15283 (November 2019).
96 CVE-2019-20537 787 Exec Code 2020-03-24 2020-03-27
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung IDs are SVE-2019-14651, SVE-2019-14666 (November 2019).
97 CVE-2019-16508 190 Overflow +Priv 2019-10-01 2019-10-08
9.3
None Remote Medium Not required Complete Complete Complete
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.
98 CVE-2019-5789 190 Exec Code Overflow 2019-05-23 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
99 CVE-2019-5788 190 Exec Code Overflow 2019-05-23 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
100 CVE-2019-5787 787 2019-05-23 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Total number of vulnerabilities : 1095   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.