Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-02-08 CVE-2016-0728 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
local
low complexity
google hp linux debian canonical
7.8
2016-02-07 CVE-2016-0813 Permissions, Privileges, and Access Controls vulnerability in Google Android
packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219.
low complexity
google CWE-264
6.1
2016-02-07 CVE-2016-0812 Permissions, Privileges, and Access Controls vulnerability in Google Android
The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538.
low complexity
google CWE-264
6.1
2016-02-07 CVE-2016-0811 Information Exposure vulnerability in Google Android 6.0/6.0.1
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.
network
low complexity
google CWE-200
7.5
2016-02-07 CVE-2016-0810 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
local
low complexity
google CWE-264
7.8
2016-02-07 CVE-2016-0809 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.
low complexity
google CWE-264
8.8
2016-02-07 CVE-2016-0808 Data Processing Errors vulnerability in Google Android
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.
local
low complexity
google CWE-19
6.2
2016-02-07 CVE-2016-0807 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
local
low complexity
google CWE-264
8.4
2016-02-07 CVE-2016-0806 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
local
low complexity
google CWE-264
8.4
2016-02-07 CVE-2016-0805 Permissions, Privileges, and Access Controls vulnerability in Google Android
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
local
low complexity
google CWE-264
8.4