Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-09 CVE-2016-2434 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2432 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2431 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2430 Permissions, Privileges, and Access Controls vulnerability in Google Android
libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.
local
low complexity
google CWE-264
7.8
2016-05-09 CVE-2016-2060 Permissions, Privileges, and Access Controls vulnerability in Google Android
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.
local
low complexity
google CWE-264
7.8
2016-05-05 CVE-2016-2062 Integer Overflow or Wraparound vulnerability in multiple products
The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.
local
low complexity
linux google CWE-190
7.8
2016-05-05 CVE-2016-2059 Improper Privilege Management vulnerability in multiple products
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.
local
high complexity
linux google CWE-269
7.0
2016-04-18 CVE-2016-1656 Improper Access Control vulnerability in multiple products
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
network
low complexity
google suse opensuse CWE-284
7.5
2016-04-18 CVE-2016-1655 Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
network
low complexity
debian suse opensuse google canonical
8.8
2016-04-18 CVE-2016-1653 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
network
low complexity
debian suse opensuse canonical google CWE-119
8.8