Vulnerabilities > Google > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-04 | CVE-2014-6060 | Resource Management Errors vulnerability in multiple products The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. | 3.3 |
| 2014-03-25 | CVE-2014-1515 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. | 1.9 |
| 2013-04-24 | CVE-2012-6140 | Information Exposure vulnerability in Google Authenticator 0.86/0.87/0.91 pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258. | 1.9 |
| 2013-02-14 | CVE-2012-5564 | Link Following vulnerability in Google Android Debug Bridge android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. | 3.3 |
| 2012-09-15 | CVE-2012-4929 | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | 2.6 |
| 2012-09-15 | CVE-2012-4930 | Cryptographic Issues vulnerability in multiple products The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | 2.6 |
| 2012-08-26 | CVE-2012-3487 | Race Condition vulnerability in Google Tunnelblick Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | 1.2 |
| 2012-08-26 | CVE-2012-4676 | Link Following vulnerability in Google Tunnelblick The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | 1.2 |
| 2012-05-22 | CVE-2012-2567 | Credentials Management vulnerability in Xelex Mobiletrack 2.3.7 The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session. | 2.6 |
| 2011-10-03 | CVE-2011-3975 | Information Exposure vulnerability in multiple products A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. | 2.6 |