Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-30558

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-02 Jan, 2023 | 00:00
Updated At-23 Oct, 2024 | 19:15
Rejected At-
Credits

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:02 Jan, 2023 | 00:00
Updated At:23 Oct, 2024 | 19:15
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From unspecified before 91.0.4472.77 (custom)
Problem Types
TypeCWE IDDescription
textN/AInsufficient policy enforcement
Type: text
CWE ID: N/A
Description: Insufficient policy enforcement
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
N/A
https://crbug.com/916326
N/A
Hyperlink: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Resource: N/A
Hyperlink: https://crbug.com/916326
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
x_transferred
https://crbug.com/916326
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Resource:
x_transferred
Hyperlink: https://crbug.com/916326
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Google LLCgoogle
Product
chrome
CPEs
  • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 91.0.4472.77 (custom)
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:02 Jan, 2023 | 23:15
Updated At:23 Oct, 2024 | 20:35

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>chrome>>Versions before 91.0.4472.77(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://crbug.com/916326chrome-cve-admin@google.com
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://crbug.com/916326
Source: chrome-cve-admin@google.com
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1477Records found
CVE-2024-6102
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.93%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 23:49
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5839
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG+0.02%
Published-11 Jun, 2024 | 20:58
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-474
Use of Function with Inconsistent Implementations
CVE-2024-5837
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.97%
||
7 Day CHG+0.01%
Published-11 Jun, 2024 | 20:58
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2018-9365
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 85.80%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 20:44
Updated-18 Dec, 2024 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndrioidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0489
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.85%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 15:56
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151096540

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0264
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:51
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-116718596

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5842
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.98%
||
7 Day CHG+0.33%
Published-11 Jun, 2024 | 20:58
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechromefedora
CWE ID-CWE-416
Use After Free
CVE-2024-6293
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.69%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 21:46
Updated-13 Feb, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectMicrosoft CorporationGoogle LLC
Product-chromewindowsfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2024-6103
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.93%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 23:39
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2024-6100
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.83%
||
7 Day CHG-0.02%
Published-19 Jun, 2024 | 23:40
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-0321
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:51
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-5844
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.42%
||
7 Day CHG+0.10%
Published-11 Jun, 2024 | 20:58
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0194
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143826590

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0190
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140324890

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0131
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151159638

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9380
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-4.00% / 88.27%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 19:54
Updated-18 Dec, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0002
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.99%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 18:26
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0451
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-2.86% / 86.08%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:49
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0449
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.99%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 12:52
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0245
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-4.10% / 88.44%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:29
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0168
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137798382

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9308
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661742

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9307
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661893

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9310
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112891546

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-8792
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.56% / 68.06%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

Action-Not Available
Vendor-Apple Inc.Google LLC
Product-androidiphone_osshazamShazam-iOSShazam-Android
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-5495
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.91%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectMicrosoft CorporationGoogle LLC
Product-chromewindowsfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2019-9299
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663886

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9262
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5496
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.22%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2019-9256
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111921829

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5493
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.71%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLCCanonical Ltd.
Product-chromeubuntu_linuxfedoraChromechrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9303
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9305
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661835

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9304
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662270

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9302
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661356

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9363
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123584306

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9346
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.76% / 73.14%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128433933

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9291
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible remote code execution due to an improper memory allocation. This could lead to remote code execution in Bluetooth with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112159179

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-9306
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661348

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9382
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libeffects, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120874654

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9405
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890225

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9357
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662995

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5494
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.85%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectMicrosoft CorporationGoogle LLC
Product-chromewindowsfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2019-9297
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890242

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5499
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.60%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9298
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112892194

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5498
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.23%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2019-7845
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.98% / 93.32%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 15:14
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Google LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_oswindowsmacoswindows_10enterprise_linux_desktopflash_playerAdobe Flash Player
CWE ID-CWE-416
Use After Free
CVE-2019-5822
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.71% / 82.14%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CVE-2019-5874
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.90%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
  • Previous
  • 1
  • 2
  • ...
  • 22
  • 23
  • 24
  • ...
  • 29
  • 30
  • Next
Details not found