Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-09 CVE-2016-2436 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2435 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2434 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2432 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2431 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2430 Permissions, Privileges, and Access Controls vulnerability in Google Android
libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2060 Permissions, Privileges, and Access Controls vulnerability in Google Android
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.
local
low complexity
google CWE-264
7.8
2016-05-05 CVE-2016-2059 Improper Privilege Management vulnerability in multiple products
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.
local
high complexity
linux google CWE-269
7.0
2016-04-18 CVE-2016-2422 Permissions, Privileges, and Access Controls vulnerability in Google Android
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357.
local
low complexity
google CWE-264
7.8
2016-04-18 CVE-2016-2420 Permissions, Privileges, and Access Controls vulnerability in Google Android
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.
local
low complexity
google CWE-264
7.8