Vulnerabilities > Google > Android > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-10 | CVE-2016-3917 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1/7.0 The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668. | 7.8 |
| 2016-10-10 | CVE-2016-3916 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779. | 7.8 |
| 2016-10-10 | CVE-2016-3915 | Permissions, Privileges, and Access Controls vulnerability in Google Android camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838. | 7.8 |
| 2016-10-10 | CVE-2016-3914 | Race Condition vulnerability in Google Android Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342. | 7.8 |
| 2016-10-10 | CVE-2016-3913 | Permissions, Privileges, and Access Controls vulnerability in Google Android media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103. | 7.8 |
| 2016-10-10 | CVE-2016-3912 | Permissions, Privileges, and Access Controls vulnerability in Google Android The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481. | 7.8 |
| 2016-10-10 | CVE-2016-3911 | Permissions, Privileges, and Access Controls vulnerability in Google Android core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607. | 7.8 |
| 2016-10-10 | CVE-2016-3910 | Permissions, Privileges, and Access Controls vulnerability in Google Android services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546. | 7.8 |
| 2016-10-10 | CVE-2016-3909 | Permissions, Privileges, and Access Controls vulnerability in Google Android The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990. | 7.8 |
| 2016-10-10 | CVE-2016-3905 | Permissions, Privileges, and Access Controls vulnerability in Google Android CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449. | 7.8 |