Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-3747 Unspecified vulnerability in Google Android
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
local
low complexity
google
7.8
2016-07-11 CVE-2016-3746 Unspecified vulnerability in Google Android
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802.
local
low complexity
google
7.8
2016-07-11 CVE-2016-3744 Race Condition vulnerability in Google Android
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.
high complexity
google CWE-362
7.5
2016-07-11 CVE-2016-2508 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341.
local
low complexity
google CWE-119
7.8
2016-07-11 CVE-2016-2507 Numeric Errors vulnerability in Google Android
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2016-2505 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.
local
low complexity
google CWE-119
7.8
2016-07-11 CVE-2016-2503 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2016-2502 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2016-2501 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2016-2068 Integer Overflow or Wraparound vulnerability in multiple products
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
local
low complexity
google linux CWE-190
7.8