Vulnerabilities > Google > Android > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-11 | CVE-2016-3885 | Permissions, Privileges, and Access Controls vulnerability in Google Android debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636. | 7.8 |
| 2016-09-11 | CVE-2016-3884 | Improper Access Control vulnerability in Google Android 6.0/6.0.1/7.0 server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441. | 5.5 |
| 2016-09-11 | CVE-2016-3883 | Improper Access Control vulnerability in Google Android internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603. | 5.5 |
| 2016-09-11 | CVE-2016-3881 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. | 5.5 |
| 2016-09-11 | CVE-2016-3880 | Improper Access Control vulnerability in Google Android Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670. | 5.5 |
| 2016-09-11 | CVE-2016-3877 | Unspecified vulnerability in Google Android Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors. | 9.8 |
| 2016-09-11 | CVE-2016-3876 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1/7.0 providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345. | 6.8 |
| 2016-09-11 | CVE-2016-3874 | Permissions, Privileges, and Access Controls vulnerability in Google Android CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797. | 7.8 |
| 2016-09-11 | CVE-2016-3873 | Permissions, Privileges, and Access Controls vulnerability in Google Android The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457. | 7.8 |
| 2016-09-11 | CVE-2016-3872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675. | 7.8 |