Vulnerabilities > Google > Android > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-3826 | Improper Input Validation vulnerability in Google Android services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553. | 7.8 |
| 2016-08-05 | CVE-2016-3825 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. | 7.8 |
| 2016-08-05 | CVE-2016-3824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827. | 7.8 |
| 2016-08-05 | CVE-2016-3823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329. | 7.8 |
| 2016-08-05 | CVE-2016-3822 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. | 7.8 |
| 2016-08-05 | CVE-2016-2504 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. | 7.8 |
| 2016-08-05 | CVE-2016-2497 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489. | 7.3 |
| 2016-08-05 | CVE-2014-9901 | Improper Access Control vulnerability in Google Android The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | 7.5 |
| 2016-07-11 | CVE-2016-3811 | Permissions, Privileges, and Access Controls vulnerability in Google Android The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556. | 7.8 |
| 2016-07-11 | CVE-2016-3808 | Permissions, Privileges, and Access Controls vulnerability in Google Android The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009. | 7.8 |