Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-0847 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0846 Permissions, Privileges, and Access Controls vulnerability in Google Android
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0844 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0843 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.
local
low complexity
google CWE-264
8.4
2016-04-18 CVE-2016-0842 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142.
local
low complexity
google CWE-119
8.4
2016-04-18 CVE-2016-0840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.
local
low complexity
google CWE-119
8.4
2016-04-18 CVE-2016-0836 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590.
local
low complexity
google CWE-119
7.8
2016-04-18 CVE-2016-0834 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.
local
low complexity
google CWE-20
8.4
2016-03-29 CVE-2016-3679 Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google canonical opensuse
8.8
2016-03-29 CVE-2016-1650 The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
network
low complexity
opensuse debian google
8.8