Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-29 | CVE-2016-5176 | Improper Access Control vulnerability in Google Chrome Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | 6.5 |
| 2016-09-25 | CVE-2016-5174 | Improper Input Validation vulnerability in Google Chrome browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | 6.5 |
| 2016-09-25 | CVE-2016-5172 | Information Exposure vulnerability in multiple products The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. | 6.5 |
| 2016-09-11 | CVE-2016-3899 | Improper Access Control vulnerability in Google Android OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | 5.5 |
| 2016-09-11 | CVE-2016-3898 | Improper Access Control vulnerability in Google Android Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693. | 5.5 |
| 2016-09-11 | CVE-2016-3897 | Information Exposure vulnerability in Google Android The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25624963. | 5.5 |
| 2016-09-11 | CVE-2016-3896 | Information Exposure vulnerability in Google Android AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043. | 5.5 |
| 2016-09-11 | CVE-2016-3895 | Integer Overflow or Wraparound vulnerability in Google Android 6.0/6.0.1/7.0 Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260. | 5.5 |
| 2016-09-11 | CVE-2016-3894 | Information Exposure vulnerability in Google Android The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033. | 5.5 |
| 2016-09-11 | CVE-2016-3893 | Information Exposure vulnerability in Google Android The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400. | 5.5 |