Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-07 CVE-2016-0813 Permissions, Privileges, and Access Controls vulnerability in Google Android
packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219.
local | low complexity | google CWE-264 | Risk 6.6
2016-02-07 CVE-2016-0812 Permissions, Privileges, and Access Controls vulnerability in Google Android
The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538.
local | low complexity | google CWE-264 | Risk 6.6
2016-02-07 CVE-2016-0810 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
local | google CWE-264 | Risk 6.9
2016-02-07 CVE-2016-0808 Data Processing Errors vulnerability in Google Android
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.
local | low complexity | google CWE-19 | Risk 4.9
2016-01-31 CVE-2016-1948 Cryptographic Issues vulnerability in multiple products
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
Risk 4.3
2016-01-31 CVE-2016-1943 Code vulnerability in multiple products
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
Risk 4.3
2016-01-31 CVE-2016-1940 Code vulnerability in multiple products
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
network | low complexity | google mozilla CWE-17 | Risk 5.0
2016-01-25 CVE-2016-1618 Information Exposure vulnerability in Google Chrome
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network | low complexity | google CWE-200 | Risk 6.5
2016-01-25 CVE-2016-1617 Information Exposure vulnerability in Google Chrome
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
network | low complexity | google CWE-200 | Risk 4.3
2016-01-25 CVE-2016-1616 7PK - Security Features vulnerability in Google Chrome
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
network | low complexity | google CWE-254 | Risk 4.3