CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4477 19 DoS +Priv 2016-05-09 2016-05-10
4.4
None Local Medium Not required Partial Partial Partial
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
2 CVE-2016-2500 200 +Info 2016-06-12 2016-06-15
4.3
None Remote Medium Not required Partial None None
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
3 CVE-2016-2499 200 +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
4 CVE-2016-2498 200 Bypass +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
5 CVE-2016-2460 200 +Info 2016-05-09 2016-05-09
4.3
None Remote Medium Not required Partial None None
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
6 CVE-2016-2459 200 +Info 2016-05-09 2016-05-09
4.3
None Remote Medium Not required Partial None None
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.
7 CVE-2016-2458 200 +Info 2016-05-09 2016-05-10
4.3
None Remote Medium Not required Partial None None
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.
8 CVE-2016-2427 200 +Info 2016-04-17 2016-04-26
4.3
None Remote Medium Not required Partial None None
asn1/cms/GCMParameters.java in the Bouncy Castle Crypto APIs 1.54 for Java, as used in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, has an improper AES-GCM-ICVlen value, which makes it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568.
9 CVE-2016-2426 200 +Info 2016-04-17 2016-04-25
4.3
None Remote Medium Not required Partial None None
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635.
10 CVE-2016-2425 200 +Info 2016-04-17 2016-04-25
4.3
None Remote Medium Not required Partial None None
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.
11 CVE-2016-2414 20 DoS Mem. Corr. 2016-04-17 2016-04-21
4.9
None Local Low Not required None None Complete
The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.
12 CVE-2016-1948 310 2016-01-31 2016-02-10
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
13 CVE-2016-1943 17 2016-01-31 2016-02-10
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
14 CVE-2016-1702 119 DoS Overflow 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None None Partial
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
15 CVE-2016-1699 284 Bypass 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None Partial None
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.
16 CVE-2016-1698 200 +Info 2016-06-05 2016-06-06
4.3
None Remote Medium Not required Partial None None
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
17 CVE-2016-1694 284 2016-06-05 2016-06-08
4.3
None Remote Medium Not required None Partial None
browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.
18 CVE-2016-1692 284 Bypass 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None Partial None
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
19 CVE-2016-1689 119 DoS Overflow 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
20 CVE-2016-1688 119 DoS Overflow 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None None Partial
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
21 CVE-2016-1687 200 +Info 2016-06-05 2016-06-06
4.3
None Remote Medium Not required Partial None None
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
22 CVE-2016-1686 119 DoS Overflow 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None None Partial
The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
23 CVE-2016-1685 119 DoS Overflow 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None None Partial
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
24 CVE-2016-1682 284 Bypass 2016-06-05 2016-06-06
4.3
None Remote Medium Not required None Partial None
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
25 CVE-2016-1677 200 +Info 2016-06-05 2016-06-07
4.3
None Remote Medium Not required Partial None None
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
26 CVE-2016-1665 20 +Info 2016-05-14 2016-05-18
4.3
None Remote Medium Not required Partial None None
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
27 CVE-2016-1664 254 2016-05-14 2016-05-18
4.3
None Remote Medium Not required None Partial None
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
28 CVE-2016-1658 284 Bypass +Info 2016-04-18 2016-04-26
4.3
None Remote Medium Not required Partial None None
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
29 CVE-2016-1657 254 2016-04-18 2016-04-18
4.3
None Remote Medium Not required None Partial None
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
30 CVE-2016-1654 20 DoS 2016-04-18 2016-05-18
4.3
None Remote Medium Not required None None Partial
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
31 CVE-2016-1652 79 XSS 2016-04-18 2016-04-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
32 CVE-2016-1640 17 2016-03-05 2016-03-07
4.3
None Remote Medium Not required None Partial None
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
33 CVE-2016-1637 200 +Info 2016-03-05 2016-03-07
4.3
None Remote Medium Not required Partial None None
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.
34 CVE-2016-1626 119 DoS Overflow 2016-02-13 2016-02-18
4.3
None Remote Medium Not required Partial None None
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
35 CVE-2016-1625 264 Bypass 2016-02-13 2016-02-25
4.3
None Remote Medium Not required Partial None None
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
36 CVE-2016-1618 310 2016-01-25 2016-01-26
4.3
None Remote Medium Not required Partial None None
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
37 CVE-2016-1617 200 +Info 2016-01-25 2016-01-26
4.3
None Remote Medium Not required Partial None None
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
38 CVE-2016-1616 254 2016-01-25 2016-01-26
4.3
None Remote Medium Not required None Partial None
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
39 CVE-2016-1615 254 2016-01-25 2016-01-26
4.3
None Remote Medium Not required None Partial None
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
40 CVE-2016-1614 200 +Info 2016-01-25 2016-01-26
4.3
None Remote Medium Not required Partial None None
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
41 CVE-2016-0831 200 +Info 2016-03-12 2016-03-21
4.3
None Remote Medium Not required Partial None None
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
42 CVE-2016-0818 345 2016-03-12 2016-03-21
4.3
None Remote Medium Not required None Partial None
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.
43 CVE-2016-0808 19 DoS Overflow 2016-02-06 2016-03-14
4.9
None Local Low Not required None None Complete
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.
44 CVE-2015-6790 20 2015-12-14 2015-12-14
4.3
None Remote Medium Not required None Partial None
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.
45 CVE-2015-6786 264 Bypass 2015-12-05 2015-12-07
4.3
None Remote Medium Not required None Partial None
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.
46 CVE-2015-6785 264 Bypass 2015-12-05 2015-12-07
4.3
None Remote Medium Not required None Partial None
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.
47 CVE-2015-6784 20 2015-12-05 2015-12-07
4.3
None Remote Medium Not required None Partial None
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring.
48 CVE-2015-6783 20 Bypass 2015-12-05 2015-12-07
4.3
None Remote Medium Not required None Partial None
The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.
49 CVE-2015-6782 20 2015-12-05 2015-12-07
4.3
None Remote Medium Not required None Partial None
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site.
50 CVE-2015-6779 264 Bypass 2015-12-05 2015-12-07
4.3
None Remote Medium Not required None Partial None
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.
Total number of vulnerabilities : 203   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.