VYPR

Android

by Google

CVEs (4,041)

  • CVE-2016-6691CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly have unspecified other impact via an access point that has a malformed SSID with…

  • CVE-2016-3929CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675.

  • CVE-2016-3927CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.

  • CVE-2016-3926CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.

  • CVE-2016-3877CriSep 11, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.

  • CVE-2016-5344CriAug 30, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size…

  • CVE-2016-3840CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.

  • CVE-2016-3821CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory…

  • CVE-2016-3820CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.01

    The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.

  • CVE-2016-3819CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2014-9902CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android…

  • CVE-2016-3745CriJul 11, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or…

  • CVE-2016-3743CriJul 11, 2016
    risk 0.64cvss 9.8epss 0.01

    decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.

  • CVE-2016-3742CriJul 11, 2016
    risk 0.64cvss 9.8epss 0.01

    decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.

  • CVE-2016-3741CriJul 11, 2016
    risk 0.64cvss 9.8epss 0.01

    The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.

  • CVE-2016-2506CriJul 11, 2016
    risk 0.64cvss 9.8epss 0.02

    DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2016-2496CriJun 13, 2016
    risk 0.64cvss 9.8epss 0.01

    The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.

  • CVE-2016-2473CriJun 13, 2016
    risk 0.64cvss 9.8epss 0.01

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501.

  • CVE-2016-2429CriMay 9, 2016
    risk 0.64cvss 9.8epss 0.02

    libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2016-2428CriMay 9, 2016
    risk 0.64cvss 9.8epss 0.02

    libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack…

Page 14 of 203