Filtered by vendor Google
Subscribe
Total
10294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3763 | 1 Google | 1 Android | 2016-07-12 | 5.0 MEDIUM | 3.3 LOW |
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919. | |||||
CVE-2016-3762 | 1 Google | 1 Android | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709. | |||||
CVE-2016-3761 | 1 Google | 1 Android | 2016-07-12 | 2.1 LOW | 4.0 MEDIUM |
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969. | |||||
CVE-2016-3760 | 1 Google | 1 Android | 2016-07-12 | 5.4 MEDIUM | 7.5 HIGH |
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683. | |||||
CVE-2016-3758 | 1 Google | 1 Android | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771. | |||||
CVE-2016-3759 | 1 Google | 1 Android | 2016-07-12 | 5.0 MEDIUM | 3.3 LOW |
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080. | |||||
CVE-2016-2508 | 1 Google | 1 Android | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341. | |||||
CVE-2016-2507 | 1 Google | 1 Android | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266. | |||||
CVE-2016-2505 | 1 Google | 1 Android | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006. | |||||
CVE-2014-9803 | 2 Google, Linux | 2 Android, Linux Kernel | 2016-07-12 | 9.3 HIGH | 7.8 HIGH |
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020. | |||||
CVE-2016-2502 | 1 Google | 1 Android | 2016-07-11 | 9.3 HIGH | 7.8 HIGH |
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044. | |||||
CVE-2016-3742 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 9.8 CRITICAL |
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. | |||||
CVE-2016-2501 | 1 Google | 1 Android | 2016-07-11 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092. | |||||
CVE-2016-3749 | 1 Google | 1 Android | 2016-07-11 | 4.6 MEDIUM | 8.4 HIGH |
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930. | |||||
CVE-2016-2503 | 1 Google | 1 Android | 2016-07-11 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067. | |||||
CVE-2016-3752 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 7.8 HIGH |
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423. | |||||
CVE-2016-3744 | 1 Google | 1 Android | 2016-07-11 | 4.3 MEDIUM | 7.5 HIGH |
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580. | |||||
CVE-2016-3748 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 8.4 HIGH |
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804. | |||||
CVE-2016-3743 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 9.8 CRITICAL |
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. | |||||
CVE-2016-3741 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 9.8 CRITICAL |
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. |