Vulnerabilities > Google > Android

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-3916 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.
local
low complexity
google CWE-119
7.8
2016-10-10 CVE-2016-3915 Permissions, Privileges, and Access Controls vulnerability in Google Android
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3914 Race Condition vulnerability in Google Android
Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342.
local
low complexity
google CWE-362
7.8
2016-10-10 CVE-2016-3913 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3912 Permissions, Privileges, and Access Controls vulnerability in Google Android
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3911 Permissions, Privileges, and Access Controls vulnerability in Google Android
core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3910 Permissions, Privileges, and Access Controls vulnerability in Google Android
services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3909 Permissions, Privileges, and Access Controls vulnerability in Google Android
The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3908 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1/7.0
The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.
local
low complexity
google CWE-264
5.5
2016-10-10 CVE-2016-3905 Permissions, Privileges, and Access Controls vulnerability in Google Android
CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449.
local
low complexity
google CWE-264
7.8