VYPR

Android

by Google

CVEs (4,715)

  • CVE-2016-3843HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.01

    Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs…

  • CVE-2016-3842HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.

  • CVE-2016-3833HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug…

  • CVE-2016-3832HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application,…

  • CVE-2016-3826HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted…

  • CVE-2016-3825HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.

  • CVE-2016-3824HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug…

  • CVE-2016-3823HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka…

  • CVE-2016-3822HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.01

    exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data,…

  • CVE-2016-2504HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.

  • CVE-2016-3811HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.

  • CVE-2016-3808HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.

  • CVE-2016-3807HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

  • CVE-2016-3806HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.

  • CVE-2016-3805HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.

  • CVE-2016-3804HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.

  • CVE-2016-3803HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.

  • CVE-2016-3802HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.

  • CVE-2016-3801HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.

  • CVE-2016-3800HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.

Page 105 of 236