Vendor CVEs
All CVEs
11,367 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3923 | Med | 0.36 | 5.5 | 0.00 | Oct 10, 2016 | The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | ||
| CVE-2016-3920 | Med | 0.36 | 5.5 | 0.01 | Oct 10, 2016 | id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884. | ||
| CVE-2016-3918 | Med | 0.36 | 5.5 | 0.00 | Oct 10, 2016 | email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a… | ||
| CVE-2016-3908 | Med | 0.36 | 5.5 | 0.00 | Oct 10, 2016 | The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944. | ||
| CVE-2016-3902 | Med | 0.36 | 5.5 | 0.01 | Oct 10, 2016 | drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072. | ||
| CVE-2016-3860 | Med | 0.36 | 5.5 | 0.00 | Oct 10, 2016 | sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal… | ||
| CVE-2016-3899 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or… | ||
| CVE-2016-3898 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an… | ||
| CVE-2016-3897 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain… | ||
| CVE-2016-3896 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043. | ||
| CVE-2016-3895 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260. | ||
| CVE-2016-3894 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033. | ||
| CVE-2016-3893 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka… | ||
| CVE-2016-3892 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197. | ||
| CVE-2016-3884 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug… | ||
| CVE-2016-3883 | Med | 0.36 | 5.5 | 0.00 | Sep 11, 2016 | internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the… | ||
| CVE-2016-3881 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and… | ||
| CVE-2016-3880 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or… | ||
| CVE-2016-3879 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka… | ||
| CVE-2016-3878 | Med | 0.36 | 5.5 | 0.01 | Sep 11, 2016 | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | ||
| CVE-2016-7153 | Med | 0.36 | 5.3 | 0.14 | Sep 6, 2016 | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a… | ||
| CVE-2016-7152 | Med | 0.36 | 5.3 | 0.14 | Sep 6, 2016 | The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a… | ||
| CVE-2014-9899 | Med | 0.36 | 5.5 | 0.00 | Aug 6, 2016 | drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and… | ||
| CVE-2014-9898 | Med | 0.36 | 5.5 | 0.00 | Aug 6, 2016 | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal… | ||
| CVE-2014-9897 | Med | 0.36 | 5.5 | 0.00 | Aug 6, 2016 | sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and… | ||
| CVE-2014-9896 | Med | 0.36 | 5.5 | 0.00 | Aug 6, 2016 | drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug… | ||
| CVE-2014-9894 | Med | 0.36 | 5.5 | 0.00 | Aug 6, 2016 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug… | ||
| CVE-2014-9893 | Med | 0.36 | 5.5 | 0.00 | Aug 6, 2016 | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug… | ||
| CVE-2016-3853 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. | ||
| CVE-2016-3852 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | ||
| CVE-2016-3839 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug… | ||
| CVE-2016-3838 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. | ||
| CVE-2016-3837 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal… | ||
| CVE-2016-3836 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. | ||
| CVE-2016-3835 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted… | ||
| CVE-2016-3834 | Med | 0.36 | 5.5 | 0.00 | Aug 5, 2016 | The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. | ||
| CVE-2016-3830 | Med | 0.36 | 5.5 | 0.01 | Aug 5, 2016 | codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug… | ||
| CVE-2016-3829 | Med | 0.36 | 5.5 | 0.01 | Aug 5, 2016 | The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649. | ||
| CVE-2016-3828 | Med | 0.36 | 5.5 | 0.01 | Aug 5, 2016 | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. | ||
| CVE-2016-3827 | Med | 0.36 | 5.5 | 0.01 | Aug 5, 2016 | codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. | ||
| CVE-2016-3818 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702. | ||
| CVE-2016-3816 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240. | ||
| CVE-2016-3815 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274. | ||
| CVE-2016-3814 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342. | ||
| CVE-2016-3813 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222. | ||
| CVE-2016-3812 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832. | ||
| CVE-2016-3810 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389. | ||
| CVE-2016-3809 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522. | ||
| CVE-2015-8893 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275. | ||
| CVE-2014-9798 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka… |
- risk 0.36cvss 5.5epss 0.00
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115.
- risk 0.36cvss 5.5epss 0.01
id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884.
- risk 0.36cvss 5.5epss 0.00
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a…
- risk 0.36cvss 5.5epss 0.00
The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.
- risk 0.36cvss 5.5epss 0.01
drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072.
- risk 0.36cvss 5.5epss 0.00
sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal…
- risk 0.36cvss 5.5epss 0.01
OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or…
- risk 0.36cvss 5.5epss 0.00
Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an…
- risk 0.36cvss 5.5epss 0.01
The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain…
- risk 0.36cvss 5.5epss 0.00
AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.
- risk 0.36cvss 5.5epss 0.00
Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.
- risk 0.36cvss 5.5epss 0.00
The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033.
- risk 0.36cvss 5.5epss 0.01
The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka…
- risk 0.36cvss 5.5epss 0.00
The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197.
- risk 0.36cvss 5.5epss 0.00
server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug…
- risk 0.36cvss 5.5epss 0.00
internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the…
- risk 0.36cvss 5.5epss 0.01
The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and…
- risk 0.36cvss 5.5epss 0.01
Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or…
- risk 0.36cvss 5.5epss 0.01
arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka…
- risk 0.36cvss 5.5epss 0.01
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.
- risk 0.36cvss 5.3epss 0.14
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…
- risk 0.36cvss 5.3epss 0.14
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…
- risk 0.36cvss 5.5epss 0.00
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and…
- risk 0.36cvss 5.5epss 0.00
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal…
- risk 0.36cvss 5.5epss 0.00
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and…
- risk 0.36cvss 5.5epss 0.00
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug…
- risk 0.36cvss 5.5epss 0.00
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug…
- risk 0.36cvss 5.5epss 0.00
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug…
- risk 0.36cvss 5.5epss 0.00
Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.
- risk 0.36cvss 5.5epss 0.00
The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.
- risk 0.36cvss 5.5epss 0.00
Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug…
- risk 0.36cvss 5.5epss 0.00
Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.
- risk 0.36cvss 5.5epss 0.00
service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal…
- risk 0.36cvss 5.5epss 0.00
The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.
- risk 0.36cvss 5.5epss 0.00
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted…
- risk 0.36cvss 5.5epss 0.00
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.
- risk 0.36cvss 5.5epss 0.01
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug…
- risk 0.36cvss 5.5epss 0.01
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.
- risk 0.36cvss 5.5epss 0.01
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.
- risk 0.36cvss 5.5epss 0.01
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.
- risk 0.36cvss 5.5epss 0.00
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
- risk 0.36cvss 5.5epss 0.00
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.
- risk 0.36cvss 5.5epss 0.00
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.
- risk 0.36cvss 5.5epss 0.00
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.
- risk 0.36cvss 5.5epss 0.00
The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.
- risk 0.36cvss 5.5epss 0.00
The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.
- risk 0.36cvss 5.5epss 0.00
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.
- risk 0.36cvss 5.5epss 0.00
The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.
- risk 0.36cvss 5.5epss 0.00
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
- risk 0.36cvss 5.5epss 0.00
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka…
Page 153 of 228