Vulnerabilities > Google > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-3820 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.
network
low complexity
google CWE-119
critical
9.8
2016-08-05 CVE-2016-3819 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.
network
low complexity
google CWE-119
critical
9.8
2016-08-05 CVE-2014-9902 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
network
low complexity
google CWE-119
critical
9.8
2016-07-23 CVE-2016-1706 Improper Input Validation vulnerability in Google Chrome
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
network
low complexity
google CWE-20
critical
9.6
2016-07-11 CVE-2016-3745 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
network
low complexity
google CWE-119
critical
9.8
2016-07-11 CVE-2016-3743 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
network
low complexity
google CWE-20
critical
9.8
2016-07-11 CVE-2016-3742 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.
network
low complexity
google CWE-20
critical
9.8
2016-07-11 CVE-2016-3741 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
network
low complexity
google CWE-20
critical
9.8
2016-07-11 CVE-2016-2506 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
network
low complexity
google CWE-119
critical
9.8
2016-06-13 CVE-2016-2496 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 6.0/6.0.1
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
network
low complexity
google CWE-1021
critical
9.8