Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-3932 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3931 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3930 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3928 Permissions, Privileges, and Access Controls vulnerability in Google Android
The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3922 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1/7.0
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3921 Permissions, Privileges, and Access Controls vulnerability in Google Android
libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3917 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1/7.0
The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3916 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.
local
low complexity
google CWE-119
7.8
2016-10-10 CVE-2016-3915 Permissions, Privileges, and Access Controls vulnerability in Google Android
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3914 Race Condition vulnerability in Google Android
Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342.
local
low complexity
google CWE-362
7.8