Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-3839 Improper Access Control vulnerability in Google Android
Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.
network
google CWE-284
4.3
2016-08-05 CVE-2016-3838 Improper Access Control vulnerability in Google Android 6.0/6.0.1
Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.
network
google CWE-284
4.3
2016-08-05 CVE-2016-3837 Information Exposure vulnerability in Google Android
service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077.
network
google CWE-200
4.3
2016-08-05 CVE-2016-3836 Information Exposure vulnerability in Google Android
The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.
network
google CWE-200
4.3
2016-08-05 CVE-2016-3835 Information Exposure vulnerability in Google Android
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116.
network
google CWE-200
4.3
2016-08-05 CVE-2016-3834 Information Exposure vulnerability in Google Android
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.
network
google CWE-200
4.3
2016-08-05 CVE-2016-3831 Improper Input Validation vulnerability in Google Android
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
network
low complexity
google CWE-20
5.0
2016-08-05 CVE-2016-3826 Improper Input Validation vulnerability in Google Android
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.
local
low complexity
google CWE-20
4.6
2016-08-05 CVE-2016-3825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.
local
low complexity
google CWE-119
4.6
2016-08-05 CVE-2016-3824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.
local
low complexity
google CWE-119
4.6