Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-3847 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3846 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.
local
high complexity
google CWE-264
7.0
2016-08-05 CVE-2016-3845 Permissions, Privileges, and Access Controls vulnerability in Google Android
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3844 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3843 Permissions, Privileges, and Access Controls vulnerability in Google Android
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3842 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3840 Permissions, Privileges, and Access Controls vulnerability in Google Android
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
network
low complexity
google CWE-264
critical
9.8
2016-08-05 CVE-2016-3833 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3832 Permissions, Privileges, and Access Controls vulnerability in Google Android
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-2504 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
local
low complexity
google CWE-264
7.8