Vulnerabilities > Google > Android > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-2423 Permissions, Privileges, and Access Controls vulnerability in Google Android
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.
low complexity
google CWE-264
6.1
2016-04-18 CVE-2016-2421 Permissions, Privileges, and Access Controls vulnerability in Google Android
Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.
low complexity
google CWE-264
6.1
2016-04-18 CVE-2016-2415 Information Exposure vulnerability in Google Android
exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455.
local
low complexity
google CWE-200
5.5
2016-04-18 CVE-2016-2414 Improper Input Validation vulnerability in Google Android
The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.
local
low complexity
google CWE-20
6.2
2016-04-18 CVE-2016-2411 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
local
low complexity
google CWE-20
6.5
2016-03-12 CVE-2016-0832 7PK - Security Features vulnerability in Google Android
Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.
low complexity
google CWE-254
6.1
2016-03-12 CVE-2016-0831 Information Exposure vulnerability in Google Android
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
local
low complexity
google CWE-200
5.5
2016-03-12 CVE-2016-0830 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376.
low complexity
google CWE-119
6.5
2016-03-12 CVE-2016-0825 7PK - Security Features vulnerability in Google Android 6.0.1
The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.
network
low complexity
google CWE-254
5.3
2016-03-12 CVE-2016-0824 7PK - Security Features vulnerability in Google Android 6.0/6.0.1
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.
network
low complexity
google CWE-254
5.3