Vulnerabilities > Google
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-07 | CVE-2016-10044 | Permissions, Privileges, and Access Controls vulnerability in multiple products The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | 7.8 |
| 2017-02-07 | CVE-2014-9914 | Use After Free vulnerability in multiple products Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | 7.8 |
| 2017-01-27 | CVE-2016-8411 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Buffer overflow vulnerability while processing QMI QOS TLVs. | 9.8 |
| 2017-01-19 | CVE-2016-9650 | Data Processing Errors vulnerability in Google Chrome Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | 4.3 |
| 2017-01-19 | CVE-2016-5226 | Cross-site Scripting vulnerability in Google Chrome Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | 6.1 |
| 2017-01-19 | CVE-2016-5225 | Data Processing Errors vulnerability in Google Chrome Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. | 4.3 |
| 2017-01-19 | CVE-2016-5224 | Numeric Errors vulnerability in Google Chrome A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | 4.3 |
| 2017-01-19 | CVE-2016-5223 | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. | 6.5 |
| 2017-01-19 | CVE-2016-5222 | Improper Input Validation vulnerability in Google Chrome Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2017-01-19 | CVE-2016-5221 | Integer Overflow or Wraparound vulnerability in Google Chrome Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. | 6.3 |