Vulnerabilities > Google > Android
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-2468 | Unspecified vulnerability in Google Android The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454. | 7.8 |
| 2016-06-13 | CVE-2016-2467 | Unspecified vulnerability in Google Android The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010. | 7.8 |
| 2016-06-13 | CVE-2016-2466 | Unspecified vulnerability in Google Android The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307. | 7.8 |
| 2016-06-13 | CVE-2016-2465 | Unspecified vulnerability in Google Android The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865. | 7.8 |
| 2016-06-13 | CVE-2016-2464 | Improper Input Validation vulnerability in Google Android libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. | 7.8 |
| 2016-06-13 | CVE-2016-2463 | Numeric Errors vulnerability in Google Android Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419. | 8.4 |
| 2016-05-09 | CVE-2016-4477 | Data Processing Errors vulnerability in Google Android wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command. | 7.8 |
| 2016-05-09 | CVE-2016-2462 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1 OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173. | 7.0 |
| 2016-05-09 | CVE-2016-2461 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1 OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681. | 7.0 |
| 2016-05-09 | CVE-2016-2460 | Information Exposure vulnerability in Google Android mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981. | 5.5 |