Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-3846 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.
local
high complexity
google CWE-264
7.0
2016-08-05 CVE-2016-3845 Permissions, Privileges, and Access Controls vulnerability in Google Android
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3844 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3843 Permissions, Privileges, and Access Controls vulnerability in Google Android
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3842 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3833 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3832 Permissions, Privileges, and Access Controls vulnerability in Google Android
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
local
low complexity
google CWE-264
7.8
2016-08-05 CVE-2016-3831 Improper Input Validation vulnerability in Google Android
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
network
low complexity
google CWE-20
7.5
2016-08-05 CVE-2016-3826 Improper Input Validation vulnerability in Google Android
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.
local
low complexity
google CWE-20
7.8
2016-08-05 CVE-2016-3825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.
local
low complexity
google CWE-119
7.8