VYPR

Android

by Google

CVEs (4,715)

  • CVE-2016-2431HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.02

    The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

  • CVE-2016-2430HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.00

    libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.

  • CVE-2016-2060HigMay 9, 2016
    risk 0.51cvss 7.8epss 0.00

    server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access…

  • CVE-2016-2422HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…

  • CVE-2016-2420HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.

  • CVE-2016-2413HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or…

  • CVE-2016-2412HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.00

    include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by…

  • CVE-2016-0836HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.

  • CVE-2016-0827HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to…

  • CVE-2016-0826HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.01

    libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly…

  • CVE-2016-0820HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.

  • CVE-2016-0819HigMar 12, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.

  • CVE-2016-0810HigFeb 7, 2016
    risk 0.51cvss 7.8epss 0.00

    media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or…

  • CVE-2015-6647HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.

  • CVE-2015-6640HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption)…

  • CVE-2015-6638HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.00

    The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.

  • CVE-2015-6637HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.

  • CVE-2024-40676HigJan 28, 2025
    risk 0.50cvss 7.7epss 0.00

    In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2024-29753HigApr 5, 2024
    risk 0.50cvss 7.7epss 0.00

    In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-29743HigApr 5, 2024
    risk 0.50cvss 7.7epss 0.00

    In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 111 of 236