Filtered by vendor Google
Subscribe
Total
4234 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2425 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. | |||||
CVE-2016-3837 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. | |||||
CVE-2015-6645 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.0 MEDIUM |
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | |||||
CVE-2016-3881 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. | |||||
CVE-2016-1654 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | |||||
CVE-2016-3899 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | |||||
CVE-2016-3879 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. | |||||
CVE-2016-2499 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172. | |||||
CVE-2016-3836 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. | |||||
CVE-2016-6685 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628. | |||||
CVE-2014-9895 | 2 Google, Linux | 2 Android, Linux Kernel | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. | |||||
CVE-2016-2845 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. | |||||
CVE-2015-8893 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275. | |||||
CVE-2016-5130 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | |||||
CVE-2016-1692 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2016-3896 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043. | |||||
CVE-2016-6684 | 1 Google | 8 Android, Android One, Nexus 5 and 5 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243. | |||||
CVE-2016-5163 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. | |||||
CVE-2016-1652 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Leap and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | |||||
CVE-2016-6677 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955. |