Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-3756 Improper Input Validation vulnerability in Google Android
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
network
low complexity
google CWE-20
7.5
2016-07-11 CVE-2016-3755 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.
network
low complexity
google CWE-20
7.5
2016-07-11 CVE-2016-3754 Resource Management Errors vulnerability in Google Android
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
network
low complexity
google CWE-399
7.5
2016-07-11 CVE-2016-3753 Information Exposure vulnerability in Google Android
mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.
network
low complexity
google CWE-200
7.5
2016-07-11 CVE-2016-3752 7PK - Security Features vulnerability in Google Android 6.0/6.0.1
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.
local
low complexity
google CWE-254
7.8
2016-07-11 CVE-2016-3751 Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
local
low complexity
libpng google
7.8
2016-07-11 CVE-2016-3750 Improper Input Validation vulnerability in Google Android
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
local
low complexity
google CWE-20
7.8
2016-07-11 CVE-2016-3749 Credentials Management vulnerability in Google Android 6.0/6.0.1
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
local
low complexity
google CWE-255
8.4
2016-07-11 CVE-2016-3748 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
local
low complexity
google CWE-264
8.4
2016-07-11 CVE-2016-3747 Unspecified vulnerability in Google Android
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
local
low complexity
google
7.8