VYPR

Android

by Google

CVEs (4,457)

  • CVE-2016-3835MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.00

    The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted…

  • CVE-2016-3834MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.00

    The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.

  • CVE-2016-3830MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.01

    codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug…

  • CVE-2016-3829MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.01

    The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.

  • CVE-2016-3828MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.01

    decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.

  • CVE-2016-3827MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.01

    codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.

  • CVE-2016-3818MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.

  • CVE-2016-3816MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.

  • CVE-2016-3815MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.

  • CVE-2016-3814MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.

  • CVE-2016-3813MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.

  • CVE-2016-3812MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.

  • CVE-2016-3810MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.

  • CVE-2016-3809MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.

  • CVE-2015-8893MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.

  • CVE-2014-9798MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka…

  • CVE-2016-2500MedJun 13, 2016
    risk 0.36cvss 5.5epss 0.00

    Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.

  • CVE-2016-2499MedJun 13, 2016
    risk 0.36cvss 5.5epss 0.00

    AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug…

  • CVE-2016-2498MedJun 13, 2016
    risk 0.36cvss 5.5epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.

  • CVE-2016-2495MedJun 13, 2016
    risk 0.36cvss 5.5epss 0.01

    SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.

Page 156 of 223