Vulnerabilities > Google > Android > Low

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-3544 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle redhat debian google
3.7
2017-01-12 CVE-2016-6770 Improper Access Control vulnerability in Google Android
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level.
local
low complexity
google CWE-284
3.3
2016-09-11 CVE-2016-3888 Permissions, Privileges, and Access Controls vulnerability in Google Android
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.
low complexity
google CWE-264
2.1
2016-07-11 CVE-2016-3763 Improper Input Validation vulnerability in Google Android
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.
local
low complexity
google CWE-20
3.3
2016-07-11 CVE-2016-3759 Information Exposure vulnerability in Google Android
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
local
low complexity
google CWE-200
3.3
2016-01-06 CVE-2015-6641 Information Exposure vulnerability in Google Android 6.0
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
high complexity
google CWE-200
3.1
2016-01-06 CVE-2015-6644 Information Exposure vulnerability in Google Android
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
local
low complexity
google CWE-200
3.3