Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-0848 Race Condition vulnerability in Google Android
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.
local
low complexity
google CWE-362
8.4
2016-04-18 CVE-2016-0847 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0846 Permissions, Privileges, and Access Controls vulnerability in Google Android
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0844 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0843 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0842 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142.
local
low complexity
google CWE-119
8.4
2016-04-18 CVE-2016-0841 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.
network
low complexity
google CWE-119
critical
9.8
2016-04-18 CVE-2016-0840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.
local
low complexity
google CWE-119
8.4
2016-04-18 CVE-2016-0839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245.
network
low complexity
google CWE-119
critical
9.8
2016-04-18 CVE-2016-0838 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256.
network
low complexity
google CWE-119
critical
9.8