VYPR

Android

by Google

CVEs (4,041)

  • CVE-2016-0809HigFeb 7, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal…

  • CVE-2016-0802HigFeb 7, 2016
    risk 0.57cvss 8.8epss 0.02

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal…

  • CVE-2025-48581HigSep 4, 2025
    risk 0.55cvss 8.4epss 0.00

    In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2017-13156HigDec 6, 2017
    risk 0.55cvss 7.8epss 0.20

    An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

  • CVE-2016-3861HigSep 11, 2016
    risk 0.55cvss 7.8epss 0.11

    LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or…

  • CVE-2016-3749HigJul 11, 2016
    risk 0.55cvss 8.4epss 0.00

    server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.

  • CVE-2016-3748HigJul 11, 2016
    risk 0.55cvss 8.4epss 0.00

    The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.

  • CVE-2016-2463HigJun 13, 2016
    risk 0.55cvss 8.4epss 0.01

    Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2016-0849HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,…

  • CVE-2016-0848HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by…

  • CVE-2016-0847HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…

  • CVE-2016-0844HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.

  • CVE-2016-0843HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.

  • CVE-2016-0842HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug…

  • CVE-2016-0840HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.

  • CVE-2016-0834HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.

  • CVE-2016-0807HigFeb 7, 2016
    risk 0.55cvss 8.4epss 0.00

    The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.

  • CVE-2016-0806HigFeb 7, 2016
    risk 0.55cvss 8.4epss 0.00

    The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.

  • CVE-2016-0805HigFeb 7, 2016
    risk 0.55cvss 8.4epss 0.00

    The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.

  • CVE-2018-9515HigOct 2, 2018
    risk 0.54cvss 7.8epss 0.01

    In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

Page 18 of 203