CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-2422 264 +Priv 2016-04-17 2016-04-25
9.3
None Remote Medium Not required Complete Complete Complete
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357.
2 CVE-2016-2420 264 +Priv 2016-04-17 2016-04-22
9.3
None Remote Medium Not required Complete Complete Complete
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.
3 CVE-2016-2413 264 +Priv 2016-04-17 2016-04-21
9.3
None Remote Medium Not required Complete Complete Complete
media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.
4 CVE-2016-2412 264 +Priv 2016-04-17 2016-04-22
9.3
None Remote Medium Not required Complete Complete Complete
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
5 CVE-2016-2411 20 +Priv 2016-04-17 2016-04-19
9.3
None Remote Medium Not required Complete Complete Complete
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
6 CVE-2016-2410 264 +Priv 2016-04-17 2016-04-20
6.9
None Local Medium Not required Complete Complete Complete
A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.
7 CVE-2016-2409 264 +Priv 2016-04-17 2016-04-21
9.3
None Remote Medium Not required Complete Complete Complete
A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.
8 CVE-2016-1906 264 +Priv 2016-02-03 2016-02-25
10.0
None Remote Low Not required Complete Complete Complete
The API server in Kubernetes might allow remote attackers to gain privileges by editing a build configuration to use a restricted strategy.
9 CVE-2016-0849 189 Overflow +Priv 2016-04-17 2016-04-20
7.2
None Local Low Not required Complete Complete Complete
Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.
10 CVE-2016-0846 264 +Priv 2016-04-17 2016-04-20
7.2
None Local Low Not required Complete Complete Complete
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
11 CVE-2016-0844 264 +Priv 2016-04-17 2016-04-20
7.2
None Local Low Not required Complete Complete Complete
The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.
12 CVE-2016-0843 264 +Priv 2016-04-17 2016-04-20
7.2
None Local Low Not required Complete Complete Complete
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.
13 CVE-2016-0827 189 Overflow +Priv 2016-03-12 2016-03-21
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509.
14 CVE-2016-0826 264 +Priv 2016-03-12 2016-03-21
9.3
None Remote Medium Not required Complete Complete Complete
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.
15 CVE-2016-0822 264 +Priv 2016-03-12 2016-03-22
7.6
None Remote High Not required Complete Complete Complete
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.
16 CVE-2016-0820 264 +Priv 2016-03-12 2016-03-21
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.
17 CVE-2016-0819 264 +Priv 2016-03-12 2016-03-21
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.
18 CVE-2016-0810 264 +Priv 2016-02-06 2016-03-14
6.9
None Local Medium Not required Complete Complete Complete
media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
19 CVE-2016-0809 264 +Priv 2016-02-06 2016-03-14
8.3
None Local Network Low Not required Complete Complete Complete
Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.
20 CVE-2016-0807 264 +Priv 2016-02-06 2016-03-11
7.2
None Local Low Not required Complete Complete Complete
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
21 CVE-2016-0806 264 +Priv 2016-02-06 2016-03-16
7.2
None Local Low Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
22 CVE-2016-0805 264 +Priv 2016-02-06 2016-03-11
7.2
None Local Low Not required Complete Complete Complete
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
23 CVE-2016-0728 DoS Overflow +Priv 2016-02-07 2016-03-24
7.2
None Local Low Not required Complete Complete Complete
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
24 CVE-2015-7717 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
25 CVE-2015-6647 264 +Priv 2016-01-06 2016-01-07
9.3
None Remote Medium Not required Complete Complete Complete
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
26 CVE-2015-6640 264 DoS +Priv 2016-01-06 2016-01-07
9.3
None Remote Medium Not required Complete Complete Complete
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
27 CVE-2015-6639 264 +Priv 2016-01-06 2016-01-07
9.3
None Remote Medium Not required Complete Complete Complete
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
28 CVE-2015-6638 264 +Priv 2016-01-06 2016-01-07
9.3
None Remote Medium Not required Complete Complete Complete
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
29 CVE-2015-6637 264 +Priv 2016-01-06 2016-01-07
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
30 CVE-2015-6630 200 +Priv +Info 2015-12-08 2015-12-09
4.3
None Remote Medium Not required Partial None None
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
31 CVE-2015-6625 200 +Priv +Info 2015-12-08 2015-12-09
4.3
None Remote Medium Not required Partial None None
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
32 CVE-2015-6623 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.
33 CVE-2015-6621 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.
34 CVE-2015-6620 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.
35 CVE-2015-6619 264 +Priv 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.
36 CVE-2015-6614 264 DoS +Priv Bypass 2015-11-03 2015-11-03
5.8
None Remote Medium Not required None Partial Partial
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139.
37 CVE-2015-6613 77 +Priv 2015-11-03 2015-12-09
5.1
None Remote High Not required Partial Partial Partial
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.
38 CVE-2015-6612 264 +Priv 2015-11-03 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
39 CVE-2015-6610 119 DoS Overflow +Priv Mem. Corr. 2015-11-03 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
40 CVE-2015-6606 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.
41 CVE-2015-6596 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
42 CVE-2015-3879 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
43 CVE-2015-3865 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
44 CVE-2015-1474 189 DoS Overflow +Priv Mem. Corr. 2015-02-15 2015-04-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
45 CVE-2015-1211 264 +Priv 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
46 CVE-2014-9646 264 +Priv 2015-01-27 2015-02-20
4.6
None Local Low Not required Partial Partial Partial
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.
47 CVE-2013-6770 264 +Priv 2014-03-31 2014-04-03
7.6
None Remote High Not required Complete Complete Complete
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
48 CVE-2013-5933 119 DoS Overflow +Priv Mem. Corr. 2013-09-25 2013-09-25
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket.
49 CVE-2013-4777 16 +Priv 2013-09-25 2013-10-15
6.9
None Local Medium Not required Complete Complete Complete
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object.
50 CVE-2012-4677 264 +Priv 2012-08-26 2012-08-27
4.4
None Local Medium Not required Partial Partial Partial
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
Total number of vulnerabilities : 63   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.