Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-2420 Permissions, Privileges, and Access Controls vulnerability in Google Android
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.
local
low complexity
google CWE-264
7.8
2016-04-18 CVE-2016-2419 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
network
low complexity
google CWE-264
critical
9.8
2016-04-18 CVE-2016-2417 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
network
low complexity
google CWE-264
critical
9.8
2016-04-18 CVE-2016-2416 Permissions, Privileges, and Access Controls vulnerability in Google Android
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.
network
low complexity
google CWE-264
critical
9.8
2016-04-18 CVE-2016-2413 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.
local
low complexity
google CWE-264
7.8
2016-04-18 CVE-2016-2412 Permissions, Privileges, and Access Controls vulnerability in Google Android
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
local
low complexity
google CWE-264
7.8
2016-04-18 CVE-2016-2410 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.
local
high complexity
google CWE-264
7.4
2016-04-18 CVE-2016-2409 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.
network
high complexity
google CWE-264
8.1
2016-04-18 CVE-2016-0850 Permissions, Privileges, and Access Controls vulnerability in Google Android
The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.
low complexity
google CWE-264
8.8
2016-04-18 CVE-2016-0847 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.
local
low complexity
google CWE-264
8.4