CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-21106 416 2021-01-08 2021-01-28
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
2 CVE-2021-0870 362 Exec Code Mem. Corr. 2021-10-22 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262
3 CVE-2021-0592 787 Exec Code 2021-07-14 2021-07-16
9.3
None Remote Medium Not required Complete Complete Complete
In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-188061006
4 CVE-2021-0515 787 Exec Code 2021-07-14 2021-07-16
10.0
None Remote Low Not required Complete Complete Complete
In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063
5 CVE-2021-0514 362 Exec Code 2021-07-14 2021-07-16
9.3
None Remote Medium Not required Complete Complete Complete
In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069
6 CVE-2021-0481 269 2021-06-11 2021-06-15
9.3
None Remote Medium Not required Complete Complete Complete
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189
7 CVE-2021-0474 787 Exec Code Overflow 2021-06-11 2021-06-14
10.0
None Remote Low Not required Complete Complete Complete
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958
8 CVE-2021-0430 787 Exec Code 2021-04-13 2021-05-04
10.0
None Remote Low Not required Complete Complete Complete
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766
9 CVE-2021-0340 212 +Info 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286
10 CVE-2021-0339 754 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687
11 CVE-2021-0325 787 Exec Code Overflow 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-174238784
12 CVE-2021-0324 2021-06-14 2021-06-21
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android SoCAndroid ID: A-175402462
13 CVE-2021-0316 787 Exec Code 2021-01-11 2021-01-13
10.0
None Remote Low Not required Complete Complete Complete
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990.
14 CVE-2021-0305 1021 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-154015447
15 CVE-2021-0302 1021 2021-02-10 2021-02-12
9.3
None Remote Medium Not required Complete Complete Complete
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782
16 CVE-2020-16039 416 2021-01-08 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
17 CVE-2020-16037 416 2021-01-08 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 CVE-2020-12746 787 Exec Code Overflow Bypass 2020-05-11 2020-05-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).
19 CVE-2020-11600 787 Exec Code 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020).
20 CVE-2020-10850 120 Exec Code Overflow 2020-03-24 2020-03-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020).
21 CVE-2020-10837 119 Exec Code Overflow 2020-03-24 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020).
22 CVE-2020-8899 787 Exec Code Overflow 2020-05-06 2020-05-15
10.0
None Remote Low Not required Complete Complete Complete
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.
23 CVE-2020-6572 416 Exec Code 2021-01-14 2021-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
24 CVE-2020-6559 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
25 CVE-2020-6556 787 Overflow 2020-09-21 2021-01-02
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
26 CVE-2020-6552 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
27 CVE-2020-6551 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28 CVE-2020-6550 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
29 CVE-2020-6549 416 2020-09-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
30 CVE-2020-6548 787 Overflow 2020-09-21 2021-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
31 CVE-2020-6524 787 Overflow 2020-07-22 2021-01-27
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
32 CVE-2020-6523 787 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
33 CVE-2020-6520 120 Overflow 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
34 CVE-2020-6518 416 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
35 CVE-2020-6517 787 Overflow 2020-07-22 2021-03-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2020-6515 416 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
37 CVE-2020-6512 843 2020-07-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
38 CVE-2020-6449 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
39 CVE-2020-6429 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
40 CVE-2020-6428 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
41 CVE-2020-6427 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
42 CVE-2020-6424 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
43 CVE-2020-6422 416 2020-03-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
44 CVE-2020-6406 416 2020-02-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
45 CVE-2020-0458 190 Exec Code Overflow 2020-12-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164
46 CVE-2020-0451 787 Exec Code Overflow 2020-11-10 2020-11-10
9.3
None Remote Medium Not required Complete Complete Complete
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825
47 CVE-2020-0449 416 Exec Code Mem. Corr. 2020-11-10 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143
48 CVE-2020-0416 1188 2020-10-14 2020-10-16
9.3
None Remote Medium Not required Complete Complete Complete
In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585
49 CVE-2020-0387 269 2020-09-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156046804
50 CVE-2020-0380 787 Exec Code 2020-09-17 2020-09-23
10.0
None Remote Low Not required Complete Complete Complete
In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-146398979
Total number of vulnerabilities : 1095   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.