Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Total 10294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3755 1 Google 1 Android 2016-07-11 7.8 HIGH 7.5 HIGH
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.
CVE-2016-3751 2 Google, Libpng 2 Android, Libpng 2016-07-11 7.5 HIGH 7.8 HIGH
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
CVE-2016-3753 1 Google 1 Android 2016-07-11 5.0 MEDIUM 7.5 HIGH
mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.
CVE-2016-3750 1 Google 1 Android 2016-07-11 7.5 HIGH 7.8 HIGH
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
CVE-2016-3756 1 Google 1 Android 2016-07-11 7.8 HIGH 7.5 HIGH
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
CVE-2016-3746 1 Google 1 Android 2016-07-11 7.5 HIGH 7.8 HIGH
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802.
CVE-2016-3757 1 Google 1 Android 2016-07-11 5.9 MEDIUM 7.0 HIGH
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.
CVE-2016-3745 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
CVE-2016-2506 1 Google 1 Android 2016-07-11 10.0 HIGH 9.8 CRITICAL
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
CVE-2014-9798 1 Google 1 Android 2016-07-11 7.1 HIGH 5.5 MEDIUM
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
CVE-2015-8893 1 Google 1 Android 2016-07-11 4.3 MEDIUM 5.5 MEDIUM
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
CVE-2013-7457 1 Google 1 Android 2016-07-11 10.0 HIGH 7.8 HIGH
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
CVE-2016-3754 1 Google 1 Android 2016-07-11 7.8 HIGH 7.5 HIGH
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
CVE-2014-6060 2 Dhcpcd Project, Google 2 Dhcpcd, Android 2016-06-23 3.3 LOW N/A
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
CVE-2016-2492 1 Google 2 Android, Android One 2016-06-16 9.3 HIGH 7.8 HIGH
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.
CVE-2016-2500 1 Google 1 Android 2016-06-15 4.3 MEDIUM 5.5 MEDIUM
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
CVE-2016-2493 1 Google 1 Android 2016-06-14 9.3 HIGH 7.8 HIGH
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.
CVE-2016-2490 1 Google 1 Android 2016-06-14 9.3 HIGH 7.8 HIGH
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.
CVE-2016-2488 1 Google 1 Android 2016-06-14 9.3 HIGH 7.8 HIGH
The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.
CVE-2016-2489 1 Google 1 Android 2016-06-14 9.3 HIGH 7.8 HIGH
The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.