Vulnerabilities > Google > Android > 4.0.4

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-3843 Permissions, Privileges, and Access Controls vulnerability in Google Android
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3842 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3840 Permissions, Privileges, and Access Controls vulnerability in Google Android
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
network
low complexity
google CWE-264
critical
9.8
2016-08-05 CVE-2016-3839 Improper Access Control vulnerability in Google Android
Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.
local
low complexity
google CWE-284
5.5
2016-08-05 CVE-2016-3835 Information Exposure vulnerability in Google Android
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116.
local
low complexity
google CWE-200
5.5
2016-08-05 CVE-2016-3834 Information Exposure vulnerability in Google Android
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.
local
low complexity
google CWE-200
5.5
2016-08-05 CVE-2016-3832 Permissions, Privileges, and Access Controls vulnerability in Google Android
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3831 Improper Input Validation vulnerability in Google Android
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
network
low complexity
google CWE-20
7.5
2016-08-05 CVE-2016-3830 Improper Input Validation vulnerability in Google Android
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.
local
low complexity
google CWE-20
5.5
2016-08-05 CVE-2016-3827 Encoding Error vulnerability in Google Android
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.
local
low complexity
google CWE-172
5.5