Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-03-12 CVE-2016-0831 Information Exposure vulnerability in Google Android
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
local
low complexity
google CWE-200
5.5
2016-03-12 CVE-2016-0830 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376.
low complexity
google CWE-119
6.5
2016-03-12 CVE-2016-0829 7PK - Security Features vulnerability in Google Android
The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109.
network
low complexity
google CWE-254
7.5
2016-03-12 CVE-2016-0828 7PK - Security Features vulnerability in Google Android
The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.
network
low complexity
google CWE-254
7.5
2016-03-12 CVE-2016-0827 Numeric Errors vulnerability in Google Android
Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509.
local
low complexity
google CWE-189
7.8
2016-03-12 CVE-2016-0826 Permissions, Privileges, and Access Controls vulnerability in Google Android
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.
local
low complexity
google CWE-264
7.8
2016-03-12 CVE-2016-0825 7PK - Security Features vulnerability in Google Android 6.0.1
The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.
network
low complexity
google CWE-254
5.3
2016-03-12 CVE-2016-0824 7PK - Security Features vulnerability in Google Android 6.0/6.0.1
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.
network
low complexity
google CWE-254
5.3
2016-03-12 CVE-2016-0823 Information Exposure vulnerability in multiple products
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
local
low complexity
google linux CWE-200
4.0
2016-03-12 CVE-2016-0822 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.
local
high complexity
google CWE-264
7.0