Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-3833 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3832 Permissions, Privileges, and Access Controls vulnerability in Google Android
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3831 Improper Input Validation vulnerability in Google Android
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
network
low complexity
google CWE-20
7.5
2016-08-05 CVE-2016-3826 Improper Input Validation vulnerability in Google Android
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.
local
low complexity
google CWE-20
7.8
2016-08-05 CVE-2016-3825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.
local
low complexity
google CWE-119
7.8
2016-08-05 CVE-2016-3824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.
local
low complexity
google CWE-119
7.8
2016-08-05 CVE-2016-3823 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.
local
low complexity
google CWE-119
7.8
2016-08-05 CVE-2016-3822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
local
low complexity
google debian CWE-119
7.8
2016-08-05 CVE-2016-2504 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-2497 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.
network
low complexity
google CWE-119
7.3