Vulnerabilities > Google > Android > 1.0

DATE CVE VULNERABILITY TITLE RISK
2015-10-01 CVE-2015-3849 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255.
network
google CWE-264
critical
9.3
2015-10-01 CVE-2015-3845 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka internal bug 17312693.
network
google CWE-264
6.8
2015-10-01 CVE-2015-3844 Permissions, Privileges, and Access Controls vulnerability in Google Android
The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445.
network
google CWE-264
6.8
2015-10-01 CVE-2015-3843 Permissions, Privileges, and Access Controls vulnerability in Google Android
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171.
network
google CWE-264
critical
9.3
2015-10-01 CVE-2015-3842 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
network
google CWE-119
critical
9.3
2015-10-01 CVE-2015-3837 Improper Input Validation vulnerability in Google Android
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.
network
google CWE-20
critical
9.3
2015-10-01 CVE-2015-3836 Numeric Errors vulnerability in Google Android
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.
network
low complexity
google CWE-189
critical
10.0
2015-10-01 CVE-2015-3835 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.
network
google CWE-119
critical
9.3
2015-10-01 CVE-2015-3834 Numeric Errors vulnerability in Google Android
Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489.
network
low complexity
google CWE-189
critical
10.0
2015-10-01 CVE-2015-3833 Improper Access Control vulnerability in Google Android
The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603.
network
google CWE-284
4.3