Vulnerabilities > Google > Android
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-12 | CVE-2016-0828 | 7PK - Security Features vulnerability in Google Android The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. | 7.5 |
| 2016-03-12 | CVE-2016-0827 | Numeric Errors vulnerability in Google Android Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. | 7.8 |
| 2016-03-12 | CVE-2016-0826 | Permissions, Privileges, and Access Controls vulnerability in Google Android libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. | 7.8 |
| 2016-03-12 | CVE-2016-0825 | 7PK - Security Features vulnerability in Google Android 6.0.1 The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. | 5.3 |
| 2016-03-12 | CVE-2016-0824 | 7PK - Security Features vulnerability in Google Android 6.0/6.0.1 libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. | 5.3 |
| 2016-03-12 | CVE-2016-0823 | Information Exposure vulnerability in multiple products The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | 4.0 |
| 2016-03-12 | CVE-2016-0822 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1 The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | 7.0 |
| 2016-03-12 | CVE-2016-0821 | Use of Uninitialized Resource vulnerability in multiple products The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. | 5.5 |
| 2016-03-12 | CVE-2016-0820 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1 The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. | 7.8 |
| 2016-03-12 | CVE-2016-0819 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | 7.8 |