Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-2413 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.
local
low complexity
google CWE-264
7.8
2016-04-18 CVE-2016-2412 Permissions, Privileges, and Access Controls vulnerability in Google Android
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
local
low complexity
google CWE-264
7.8
2016-04-18 CVE-2016-2411 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
local
low complexity
google CWE-20
6.5
2016-04-18 CVE-2016-2410 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.
local
high complexity
google CWE-264
7.4
2016-04-18 CVE-2016-2409 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.
network
high complexity
google CWE-264
8.1
2016-04-18 CVE-2016-1503 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
network
low complexity
dhcpcd-project google CWE-119
critical
9.8
2016-04-18 CVE-2016-0850 Permissions, Privileges, and Access Controls vulnerability in Google Android
The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.
low complexity
google CWE-264
8.8
2016-04-18 CVE-2016-0849 Numeric Errors vulnerability in Google Android
Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.
local
low complexity
google CWE-189
8.4
2016-04-18 CVE-2016-0848 Race Condition vulnerability in Google Android
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.
local
low complexity
google CWE-362
8.4
2016-04-18 CVE-2016-0847 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.
local
low complexity
google CWE-264
8.4