Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-05 | CVE-2016-3852 | Information Exposure vulnerability in Google Android The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738. | 4.3 |
| 2016-08-05 | CVE-2016-3850 | Permissions, Privileges, and Access Controls vulnerability in Google Android Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164. | 6.9 |
| 2016-08-05 | CVE-2016-3849 | Permissions, Privileges, and Access Controls vulnerability in Google Android The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. | 6.9 |
| 2016-08-05 | CVE-2016-3847 | Permissions, Privileges, and Access Controls vulnerability in Google Android The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. | 6.9 |
| 2016-08-05 | CVE-2016-3839 | Improper Access Control vulnerability in Google Android Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. | 4.3 |
| 2016-08-05 | CVE-2016-3838 | Improper Access Control vulnerability in Google Android 6.0/6.0.1 Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. | 4.3 |
| 2016-08-05 | CVE-2016-3837 | Information Exposure vulnerability in Google Android service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077. | 4.3 |
| 2016-08-05 | CVE-2016-3836 | Information Exposure vulnerability in Google Android The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. | 4.3 |
| 2016-08-05 | CVE-2016-3835 | Information Exposure vulnerability in Google Android The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. | 4.3 |
| 2016-08-05 | CVE-2016-3834 | Information Exposure vulnerability in Google Android The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. | 4.3 |