Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-22 CVE-2016-2536 Resource Management Errors vulnerability in multiple products
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document.
network
low complexity
sap google CWE-399
8.8
2016-02-14 CVE-2016-1627 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
network
low complexity
opensuse debian google CWE-264
8.8
2016-02-14 CVE-2016-1624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
network
low complexity
opensuse google debian CWE-119
8.8
2016-02-14 CVE-2016-1623 Permissions, Privileges, and Access Controls vulnerability in multiple products
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
network
low complexity
debian google opensuse CWE-264
8.8
2016-02-14 CVE-2016-1622 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google debian opensuse CWE-264
8.8
2016-02-08 CVE-2016-0728 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
local
low complexity
google hp linux debian canonical
7.8
2016-02-07 CVE-2016-0811 Information Exposure vulnerability in Google Android 6.0/6.0.1
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.
network
low complexity
google CWE-200
7.5
2016-02-07 CVE-2016-0810 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
local
low complexity
google CWE-264
7.8
2016-02-07 CVE-2016-0809 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.
low complexity
google CWE-264
8.8
2016-02-07 CVE-2016-0807 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
local
low complexity
google CWE-264
8.4