Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3881 | 1 Google | 1 Android | 2017-08-12 | 7.1 HIGH | 5.5 MEDIUM |
| The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. | |||||
| CVE-2016-3883 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603. | |||||
| CVE-2016-3884 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441. | |||||
| CVE-2016-3885 | 1 Google | 1 Android | 2017-08-12 | 9.3 HIGH | 7.8 HIGH |
| debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636. | |||||
| CVE-2016-3886 | 1 Google | 1 Android | 2017-08-12 | 7.2 HIGH | 6.8 MEDIUM |
| systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438. | |||||
| CVE-2016-3887 | 1 Google | 1 Android | 2017-08-12 | 6.8 MEDIUM | 7.8 HIGH |
| providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712. | |||||
| CVE-2016-3888 | 1 Google | 1 Android | 2017-08-12 | 2.1 LOW | 2.1 LOW |
| internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123. | |||||
| CVE-2016-3889 | 1 Google | 1 Android | 2017-08-12 | 7.2 HIGH | 6.8 MEDIUM |
| Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585. | |||||
| CVE-2016-3890 | 1 Google | 1 Android | 2017-08-12 | 7.6 HIGH | 7.0 HIGH |
| The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842. | |||||
| CVE-2016-3893 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29512527 and Qualcomm internal bug CR856400. | |||||
| CVE-2016-3894 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033. | |||||
| CVE-2016-3895 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260. | |||||
| CVE-2016-3896 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043. | |||||
| CVE-2016-3897 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25624963. | |||||
| CVE-2016-3898 | 1 Google | 1 Android | 2017-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693. | |||||
| CVE-2016-3899 | 1 Google | 1 Android | 2017-08-12 | 7.1 HIGH | 5.5 MEDIUM |
| OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | |||||
| CVE-2015-3839 | 1 Google | 1 Android | 2017-08-09 | 2.1 LOW | 5.5 MEDIUM |
| The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3742 | 3 Google, Lenovo, Microsoft | 3 Android, Connect2, Windows | 2017-07-26 | 2.3 LOW | 4.8 MEDIUM |
| In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | |||||
| CVE-2017-0414 | 1 Google | 1 Android | 2017-07-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. | |||||