Vulnerabilities > Google > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5084 | Improper Privilege Management vulnerability in Google Chrome OS Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. | 3.3 |
| 2017-07-06 | CVE-2017-0709 | Information Exposure vulnerability in Google Android 7.1.2 A information disclosure vulnerability in the HTC sensor hub driver. | 3.3 |
| 2017-06-13 | CVE-2015-9031 | Information Exposure vulnerability in Google Android In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. | 3.3 |
| 2017-06-13 | CVE-2015-9032 | Information Exposure vulnerability in Google Android In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. | 3.3 |
| 2017-04-24 | CVE-2017-3544 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 3.7 |
| 2017-01-12 | CVE-2016-6770 | Improper Access Control vulnerability in Google Android An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. | 3.3 |
| 2016-09-11 | CVE-2016-3888 | Permissions, Privileges, and Access Controls vulnerability in Google Android internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123. | 2.1 |
| 2016-09-11 | CVE-2016-5166 | Information Exposure vulnerability in multiple products The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | 3.1 |
| 2016-07-11 | CVE-2016-3763 | Improper Input Validation vulnerability in Google Android net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919. | 3.3 |
| 2016-07-11 | CVE-2016-3759 | Information Exposure vulnerability in Google Android The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080. | 3.3 |