Vulnerabilities > Google > Android > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-01-27 CVE-2016-8411 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow vulnerability while processing QMI QOS TLVs.
network
low complexity
google CWE-119
critical
9.8
2016-11-25 CVE-2016-6725 Improper Access Control vulnerability in Google Android
A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel.
network
low complexity
google CWE-284
critical
9.8
2016-10-31 CVE-2016-7990 7PK - Errors vulnerability in Google Android
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
network
low complexity
google CWE-388
critical
9.8
2016-10-10 CVE-2016-6691 Encoding Error vulnerability in Google Android
service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly have unspecified other impact via an access point that has a malformed SSID with GBK encoding, aka Qualcomm internal bug CR 978452.
network
low complexity
google CWE-172
critical
9.8
2016-10-10 CVE-2016-6692 NULL Pointer Dereference vulnerability in Google Android
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.
network
low complexity
google CWE-476
critical
9.8
2016-10-10 CVE-2016-6693 Improper Input Validation vulnerability in Google Android
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585.
network
low complexity
google CWE-20
critical
9.8
2016-10-10 CVE-2016-6694 Improper Input Validation vulnerability in Google Android
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525.
network
low complexity
google CWE-20
critical
9.8
2016-10-10 CVE-2016-6695 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.
network
low complexity
google CWE-119
critical
9.8
2016-10-10 CVE-2016-6696 Improper Input Validation vulnerability in Google Android
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.
network
low complexity
google CWE-20
critical
9.8
2016-10-10 CVE-2016-3926 Unspecified vulnerability in Google Android
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.
network
low complexity
google
critical
9.8