Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-3935 Integer Overflow or Wraparound vulnerability in Google Android
Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999665 and Qualcomm internal bug CR 1046507.
local
low complexity
google CWE-190
7.8
2016-10-10 CVE-2016-3934 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka Android internal bug 30102557 and Qualcomm internal bug CR 789704.
local
low complexity
google CWE-119
7.8
2016-10-10 CVE-2016-3933 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3932 Permissions, Privileges, and Access Controls vulnerability in Google Android
mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3931 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3930 Permissions, Privileges, and Access Controls vulnerability in Google Android
The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3928 Permissions, Privileges, and Access Controls vulnerability in Google Android
The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3922 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1/7.0
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3921 Permissions, Privileges, and Access Controls vulnerability in Google Android
libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.
local
low complexity
google CWE-264
7.8
2016-10-10 CVE-2016-3917 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0.1/7.0
The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668.
local
low complexity
google CWE-264
7.8