Vulnerabilities > Google > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-05 | CVE-2016-3827 | Encoding Error vulnerability in Google Android codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. | 5.5 |
2016-07-23 | CVE-2016-5137 | Information Exposure vulnerability in Google Chrome The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. | 4.3 |
2016-07-23 | CVE-2016-5135 | Improper Input Validation vulnerability in Google Chrome WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. | 6.5 |
2016-07-23 | CVE-2016-5133 | Improper Authentication vulnerability in Google Chrome Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | 5.3 |
2016-07-23 | CVE-2016-5130 | Improper Access Control vulnerability in Google Chrome content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | 6.5 |
2016-07-23 | CVE-2016-1707 | Improper Input Validation vulnerability in Google Chrome ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. | 6.5 |
2016-07-11 | CVE-2016-3818 | Improper Access Control vulnerability in Google Android libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702. | 5.5 |
2016-07-11 | CVE-2016-3816 | Information Exposure vulnerability in Google Android The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240. | 5.5 |
2016-07-11 | CVE-2016-3815 | Information Exposure vulnerability in Google Android The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274. | 5.5 |
2016-07-11 | CVE-2016-3814 | Information Exposure vulnerability in Google Android The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342. | 5.5 |