VYPR

Android

by Google

CVEs (4,715)

  • CVE-2016-3887HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.00

    providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712.

  • CVE-2016-3885HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted…

  • CVE-2016-3874HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android…

  • CVE-2016-3873HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.

  • CVE-2016-3872HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug…

  • CVE-2016-3871HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka…

  • CVE-2016-3870HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted…

  • CVE-2016-3869HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.

  • CVE-2016-3868HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.

  • CVE-2016-3867HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.

  • CVE-2016-3866HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.

  • CVE-2016-3865HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.

  • CVE-2016-3864HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.

  • CVE-2016-3863HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute…

  • CVE-2016-3862HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.02

    media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a…

  • CVE-2016-3859HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.

  • CVE-2016-3858HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and…

  • CVE-2016-5342HigAug 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows…

  • CVE-2016-3856HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.

  • CVE-2016-3855HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted…

Page 102 of 236