CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-3885 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636.
2 CVE-2016-3877 2016-09-11 2016-09-12
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.
3 CVE-2016-3874 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797.
4 CVE-2016-3873 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.
5 CVE-2016-3872 119 Overflow +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675.
6 CVE-2016-3871 264 Overflow +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022.
7 CVE-2016-3870 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804.
8 CVE-2016-3869 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.
9 CVE-2016-3868 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.
10 CVE-2016-3867 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.
11 CVE-2016-3866 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
12 CVE-2016-3865 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.
13 CVE-2016-3864 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.
14 CVE-2016-3862 119 DoS Exec Code Overflow Mem. Corr. 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.
15 CVE-2016-3861 119 DoS Exec Code Overflow 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
16 CVE-2016-3859 264 +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.
17 CVE-2016-3858 119 Overflow +Priv 2016-09-11 2016-09-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug CR1022641.
18 CVE-2016-3857 264 +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
19 CVE-2016-3851 264 +Priv 2016-08-05 2016-08-09
9.3
None Remote Medium Not required Complete Complete Complete
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
20 CVE-2016-3845 264 +Priv 2016-08-05 2016-08-08
9.3
None Remote Medium Not required Complete Complete Complete
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
21 CVE-2016-3844 264 +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
22 CVE-2016-3843 264 Exec Code +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
23 CVE-2016-3842 264 +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
24 CVE-2016-3840 264 Exec Code 2016-08-05 2016-08-16
10.0
None Remote Low Not required Complete Complete Complete
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
25 CVE-2016-3833 264 Bypass 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
26 CVE-2016-3811 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
27 CVE-2016-3808 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
28 CVE-2016-3807 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.
29 CVE-2016-3806 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.
30 CVE-2016-3805 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.
31 CVE-2016-3804 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
32 CVE-2016-3803 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.
33 CVE-2016-3802 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.
34 CVE-2016-3801 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.
35 CVE-2016-3800 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.
36 CVE-2016-3799 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738.
37 CVE-2016-3798 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.
38 CVE-2016-3797 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.
39 CVE-2016-3796 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.
40 CVE-2016-3795 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.
41 CVE-2016-3793 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.
42 CVE-2016-3792 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.
43 CVE-2016-3775 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279.
44 CVE-2016-3774 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.
45 CVE-2016-3773 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.
46 CVE-2016-3772 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102.
47 CVE-2016-3771 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102.
48 CVE-2016-3770 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.
49 CVE-2016-3769 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.
50 CVE-2016-3768 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.
Total number of vulnerabilities : 523   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.