Vulnerabilities > Google > Android > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-3927 Unspecified vulnerability in Google Android
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.
network
low complexity
google
critical
9.8
2016-10-10 CVE-2016-3929 Unspecified vulnerability in Google Android
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675.
network
low complexity
google
critical
9.8
2016-09-11 CVE-2016-3877 Unspecified vulnerability in Google Android
Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.
network
low complexity
google
critical
9.8
2016-08-30 CVE-2016-5344 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
network
low complexity
google linux CWE-190
critical
9.8
2016-08-05 CVE-2014-9902 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
network
low complexity
google CWE-119
critical
9.8
2016-08-05 CVE-2016-3819 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.
network
low complexity
google CWE-119
critical
9.8
2016-08-05 CVE-2016-3820 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.
network
low complexity
google CWE-119
critical
9.8
2016-08-05 CVE-2016-3821 NULL Pointer Dereference vulnerability in Google Android
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.
network
low complexity
google CWE-476
critical
9.8
2016-08-05 CVE-2016-3840 Permissions, Privileges, and Access Controls vulnerability in Google Android
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
network
low complexity
google CWE-264
critical
9.8
2016-07-11 CVE-2016-2506 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
network
low complexity
google CWE-119
critical
9.8