Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-09-11 CVE-2016-3870 Permissions, Privileges, and Access Controls vulnerability in Google Android
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3869 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3868 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3867 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3866 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3865 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3864 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.
local
low complexity
google CWE-264
7.8
2016-09-11 CVE-2016-3863 Improper Access Control vulnerability in Google Android
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.
local
low complexity
google CWE-284
7.8
2016-09-11 CVE-2016-3862 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.
local
low complexity
google CWE-119
7.8
2016-09-11 CVE-2016-3861 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
local
low complexity
google CWE-119
7.8