Vulnerabilities > Google > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-18 | CVE-2016-1651 | Information Exposure vulnerability in multiple products fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | 8.1 |
2016-04-18 | CVE-2016-2422 | Permissions, Privileges, and Access Controls vulnerability in Google Android Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357. | 7.8 |
2016-04-18 | CVE-2016-2420 | Permissions, Privileges, and Access Controls vulnerability in Google Android rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620. | 7.8 |
2016-04-18 | CVE-2016-2413 | Permissions, Privileges, and Access Controls vulnerability in Google Android media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627. | 7.8 |
2016-04-18 | CVE-2016-2412 | Permissions, Privileges, and Access Controls vulnerability in Google Android include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930. | 7.8 |
2016-04-18 | CVE-2016-2410 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1 A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. | 7.4 |
2016-04-18 | CVE-2016-2409 | Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1 A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. | 8.1 |
2016-04-18 | CVE-2016-0850 | Permissions, Privileges, and Access Controls vulnerability in Google Android The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752. | 8.8 |
2016-04-18 | CVE-2016-0849 | Numeric Errors vulnerability in Google Android Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931. | 8.4 |
2016-04-18 | CVE-2016-0848 | Race Condition vulnerability in Google Android Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. | 8.4 |