Vulnerabilities > Google > Android > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-03-12 CVE-2016-0816 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.
network
low complexity
google CWE-119
critical
9.8
2016-03-12 CVE-2016-1621 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.
network
low complexity
google CWE-119
critical
9.8
2016-03-03 CVE-2016-0705 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
network
low complexity
oracle openssl google canonical debian
critical
9.8
2016-02-07 CVE-2016-0801 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
network
low complexity
apple google CWE-20
critical
9.8
2016-02-07 CVE-2016-0803 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
network
low complexity
google CWE-119
critical
9.8
2016-02-07 CVE-2016-0804 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
network
low complexity
google CWE-119
critical
9.8
2016-01-06 CVE-2015-6636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
network
low complexity
google CWE-119
critical
9.8
2016-01-06 CVE-2015-6642 Permissions, Privileges, and Access Controls vulnerability in Google Android 5.1.0/6.0/6.0.1
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.
network
low complexity
google CWE-264
critical
9.8