Vulnerabilities > Google > Android > 2.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-29 | CVE-2017-3748 | Unspecified vulnerability in Google Android On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). | 7.8 |
| 2017-06-27 | CVE-2015-3840 | Improper Access Control vulnerability in Google Android The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | 5.5 |
| 2017-05-12 | CVE-2017-0625 | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. | 5.5 |
| 2017-05-12 | CVE-2017-0620 | Incorrect Calculation of Buffer Size vulnerability in multiple products An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-05-12 | CVE-2017-0619 | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-05-12 | CVE-2017-0618 | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-05-12 | CVE-2017-0617 | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-05-12 | CVE-2017-0616 | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-05-12 | CVE-2017-0615 | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
| 2017-05-12 | CVE-2017-0604 | Always-Incorrect Control Flow Implementation vulnerability in Google Android An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.8 |