CVEdetails.com the ultimate security vulnerability data source

Google : Security Vulnerabilities (CVSS score between 5 and 5.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-37991 362 2021-11-02 2021-11-04
5.1
None Remote High Not required Partial Partial Partial
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 CVE-2021-37958 2021-10-08 2021-11-24
5.8
None Remote Medium Not required Partial Partial None
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
3 CVE-2021-30603 362 2021-08-26 2021-09-24
5.1
None Remote High Not required Partial Partial Partial
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
4 CVE-2021-30593 125 2021-08-26 2021-09-24
5.8
None Remote Medium Not required Partial None Partial
Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
5 CVE-2021-30539 863 Bypass 2021-06-07 2021-07-18
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6 CVE-2021-30536 125 2021-06-07 2021-07-18
5.8
None Remote Medium Not required Partial None Partial
Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
7 CVE-2021-30511 125 2021-06-04 2021-07-18
5.8
None Remote Medium Not required Partial None Partial
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
8 CVE-2021-25485 22 Dir. Trav. 2021-10-06 2021-10-13
5.8
None Local Network Low Not required Partial Partial Partial
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
9 CVE-2021-25483 125 2021-10-06 2021-10-13
5.0
None Remote Low Not required Partial None None
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
10 CVE-2021-25426 200 +Info 2021-07-08 2021-10-18
5.0
None Remote Low Not required Partial None None
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
11 CVE-2021-25417 863 2021-06-11 2021-06-16
5.0
None Remote Low Not required Partial None None
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
12 CVE-2021-25337 863 2021-03-04 2021-03-11
5.8
None Remote Medium Not required Partial Partial None
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
13 CVE-2021-25330 DoS 2021-03-02 2021-03-09
5.0
None Remote Low Not required None None Partial
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.
14 CVE-2021-22553 400 2021-02-17 2021-02-23
5.0
None Remote Low Not required None None Partial
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
15 CVE-2021-22492 120 Overflow 2021-01-05 2021-01-08
5.8
None Local Network Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).
16 CVE-2021-21205 Bypass 2021-04-26 2021-06-03
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
17 CVE-2021-21172 Bypass 2021-03-09 2021-05-01
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
18 CVE-2021-21125 287 Bypass 2021-02-09 2021-03-08
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
19 CVE-2021-3189 601 2021-02-19 2021-04-01
5.8
None Remote Medium Not required Partial Partial None
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
20 CVE-2021-0631 125 DoS 2021-10-25 2021-10-26
5.0
None Remote Low Not required None None Partial
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435.
21 CVE-2021-0630 190 DoS 2021-10-25 2021-10-26
5.0
None Remote Low Not required None None Partial
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.
22 CVE-2021-0555 476 DoS 2021-06-22 2021-06-24
5.0
None Remote Low Not required None None Partial
In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179161711
23 CVE-2021-0522 125 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-174182139
24 CVE-2021-0517 670 Exec Code 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179053823
25 CVE-2021-0466 668 2021-06-11 2021-06-14
5.0
None Remote Low Not required Partial None None
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154114734
26 CVE-2021-0435 665 Exec Code +Info 2021-04-13 2021-04-16
5.0
None Remote Low Not required Partial None None
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174150451
27 CVE-2021-0433 269 Bypass 2021-04-13 2021-04-16
5.4
None Local Network Medium Not required Partial Partial Partial
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-171221090
28 CVE-2021-0431 125 2021-04-13 2021-04-16
5.0
None Remote Low Not required Partial None None
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174149901
29 CVE-2021-0341 295 2021-02-10 2021-02-12
5.0
None Remote Low Not required Partial None None
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-171980069
30 CVE-2020-35864 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks.
31 CVE-2020-35552 +Info 2020-12-18 2020-12-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020).
32 CVE-2020-28345 476 2020-11-08 2020-11-16
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).
33 CVE-2020-27055 311 2020-12-15 2020-12-17
5.0
None Remote Low Not required Partial None None
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-161378819
34 CVE-2020-27024 125 2020-12-15 2020-12-15
5.0
None Remote Low Not required Partial None None
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration. Product: Android. Versions: Android-11. Android ID: A-162327732
35 CVE-2020-26606 200 +Info 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020).
36 CVE-2020-26605 532 +Info 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020).
37 CVE-2020-26604 269 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).
38 CVE-2020-26603 22 Dir. Trav. 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020).
39 CVE-2020-26602 668 2020-10-06 2020-10-08
5.0
None Remote Low Not required Partial None None
An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).
40 CVE-2020-26601 269 2020-10-06 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020).
41 CVE-2020-26600 200 +Info 2020-10-06 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020).
42 CVE-2020-26599 287 2020-10-06 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020).
43 CVE-2020-26598 862 2020-10-06 2020-10-08
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020).
44 CVE-2020-26597 20 2020-10-06 2020-10-08
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020).
45 CVE-2020-26269 125 2020-12-10 2021-08-17
5.0
None Remote Low Not required None None Partial
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts master branch and the release candidates for TF version 2.4. The final release of the 2.4 release will be patched.
46 CVE-2020-25281 2020-09-11 2020-09-17
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).
47 CVE-2020-25064 2020-08-31 2020-09-01
5.0
None Remote Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).
48 CVE-2020-25063 20 2020-08-31 2020-09-01
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020).
49 CVE-2020-25059 20 2020-08-31 2020-09-01
5.0
None Remote Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).
50 CVE-2020-25051 Bypass 2020-08-31 2020-09-03
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020).
Total number of vulnerabilities: 642 (page 1 of 13)