Vulnerabilities > Google > Android > 2.2.3

DATE CVE VULNERABILITY TITLE RISK
2016-05-09 CVE-2016-2432 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.
network
google CWE-264
critical
9.3
2016-05-09 CVE-2016-2431 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.
network
google CWE-264
critical
9.3
2016-05-09 CVE-2016-2060 Permissions, Privileges, and Access Controls vulnerability in Google Android
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.
network
google CWE-264
critical
9.3
2016-05-05 CVE-2016-2059 Improper Privilege Management vulnerability in Linux Kernel
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.
4.4
2016-04-27 CVE-2016-0774 Improper Input Validation vulnerability in multiple products
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
local
low complexity
linux google CWE-20
5.6
2015-12-08 CVE-2015-8505 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.
network
google CWE-119
critical
9.3
2015-12-08 CVE-2015-6634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
network
google CWE-119
critical
9.3
2015-12-08 CVE-2015-6629 Information Exposure vulnerability in Google Android
Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
network
low complexity
google CWE-200
5.0
2015-11-03 CVE-2015-8074 Information Exposure vulnerability in Google Android
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.
network
low complexity
google CWE-200
5.0
2015-11-03 CVE-2015-6609 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
network
low complexity
google CWE-119
critical
10.0