Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-02-07 CVE-2016-0808 Data Processing Errors vulnerability in Google Android
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.
local
low complexity
google CWE-19
4.9
2016-02-07 CVE-2016-0807 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
local
low complexity
google CWE-264
7.2
2016-02-07 CVE-2016-0806 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
local
low complexity
google CWE-264
7.2
2016-02-07 CVE-2016-0805 Permissions, Privileges, and Access Controls vulnerability in Google Android
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
local
low complexity
google CWE-264
7.2
2016-02-07 CVE-2016-0804 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
network
low complexity
google CWE-119
critical
10.0
2016-02-07 CVE-2016-0803 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
network
low complexity
google CWE-119
critical
10.0
2016-02-07 CVE-2016-0802 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
low complexity
google apple CWE-20
8.3
2016-02-07 CVE-2016-0801 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
low complexity
apple google CWE-20
8.3
2016-01-31 CVE-2016-1948 Cryptographic Issues vulnerability in multiple products
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
4.3
2016-01-31 CVE-2016-1943 Code vulnerability in multiple products
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
4.3