Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-05 | CVE-2017-14903 | Out-of-bounds Read vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. | 5.3 |
| 2017-11-16 | CVE-2017-0860 | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the Android system (inputdispatcher). | 5.3 |
| 2017-11-16 | CVE-2017-0851 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libhevc). | 5.3 |
| 2017-11-16 | CVE-2017-0850 | Information Exposure vulnerability in Google Android 7.0/7.1.1/7.1.2 An information disclosure vulnerability in the Android media framework (libstagefright). | 5.3 |
| 2017-11-16 | CVE-2017-0849 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libavc). | 5.3 |
| 2017-11-16 | CVE-2017-0848 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libeffects). | 5.3 |
| 2017-11-16 | CVE-2017-11022 | Information Exposure vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. | 5.3 |
| 2017-10-27 | CVE-2017-5120 | Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5119 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5118 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |