Android
by Google
CVEs (4,715)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3843 | Hig | 0.51 | 7.8 | 0.01 | Aug 5, 2016 | Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs… | ||
| CVE-2016-3842 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974. | ||
| CVE-2016-3833 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug… | ||
| CVE-2016-3832 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application,… | ||
| CVE-2016-3826 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted… | ||
| CVE-2016-3825 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. | ||
| CVE-2016-3824 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug… | ||
| CVE-2016-3823 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka… | ||
| CVE-2016-3822 | Hig | 0.51 | 7.8 | 0.01 | Aug 5, 2016 | exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data,… | ||
| CVE-2016-2504 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. | ||
| CVE-2016-3811 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556. | ||
| CVE-2016-3808 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009. | ||
| CVE-2016-3807 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196. | ||
| CVE-2016-3806 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341. | ||
| CVE-2016-3805 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412. | ||
| CVE-2016-3804 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410. | ||
| CVE-2016-3803 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2016 | The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434. | ||
| CVE-2016-3802 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2016 | The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368. | ||
| CVE-2016-3801 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853. | ||
| CVE-2016-3800 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739. |
- risk 0.51cvss 7.8epss 0.01
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs…
- risk 0.51cvss 7.8epss 0.00
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
- risk 0.51cvss 7.8epss 0.00
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug…
- risk 0.51cvss 7.8epss 0.00
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application,…
- risk 0.51cvss 7.8epss 0.00
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted…
- risk 0.51cvss 7.8epss 0.00
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.
- risk 0.51cvss 7.8epss 0.00
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug…
- risk 0.51cvss 7.8epss 0.00
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka…
- risk 0.51cvss 7.8epss 0.01
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data,…
- risk 0.51cvss 7.8epss 0.00
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
- risk 0.51cvss 7.8epss 0.00
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
- risk 0.51cvss 7.8epss 0.00
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
- risk 0.51cvss 7.8epss 0.00
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.
- risk 0.51cvss 7.8epss 0.00
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.
- risk 0.51cvss 7.8epss 0.00
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.
- risk 0.51cvss 7.8epss 0.00
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
- risk 0.51cvss 7.8epss 0.01
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.
- risk 0.51cvss 7.8epss 0.01
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.
- risk 0.51cvss 7.8epss 0.00
The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.
- risk 0.51cvss 7.8epss 0.00
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.
Page 105 of 236