CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6551 CVE-2016-3935 190 Overflow +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999665 and Qualcomm internal bug CR 1046507.
6552 CVE-2016-3934 119 Overflow +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka Android internal bug 30102557 and Qualcomm internal bug CR 789704.
6553 CVE-2016-3933 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.
6554 CVE-2016-3932 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.
6555 CVE-2016-3931 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418.
6556 CVE-2016-3930 264 +Priv 2016-10-10 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.
6557 CVE-2016-3929 2016-10-10 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675.
6558 CVE-2016-3928 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384.
6559 CVE-2016-3927 2016-10-10 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.
6560 CVE-2016-3926 2016-10-10 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.
6561 CVE-2016-3921 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.
6562 CVE-2016-3916 119 Overflow +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.
6563 CVE-2016-3915 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.
6564 CVE-2016-3914 362 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342.
6565 CVE-2016-3913 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103.
6566 CVE-2016-3912 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.
6567 CVE-2016-3911 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.
6568 CVE-2016-3910 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546.
6569 CVE-2016-3909 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.
6570 CVE-2016-3905 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449.
6571 CVE-2016-3903 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm internal bug CR 1040857.
6572 CVE-2016-3901 190 Overflow +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434.
6573 CVE-2016-3900 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260.
6574 CVE-2016-3885 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636.
6575 CVE-2016-3877 2016-09-11 2017-08-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.
6576 CVE-2016-3874 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797.
6577 CVE-2016-3873 264 +Priv 2016-09-11 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.
6578 CVE-2016-3872 119 Overflow +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675.
6579 CVE-2016-3871 264 Overflow +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022.
6580 CVE-2016-3870 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804.
6581 CVE-2016-3869 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.
6582 CVE-2016-3868 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.
6583 CVE-2016-3867 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.
6584 CVE-2016-3866 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
6585 CVE-2016-3865 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.
6586 CVE-2016-3864 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.
6587 CVE-2016-3862 119 DoS Exec Code Overflow Mem. Corr. 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.
6588 CVE-2016-3861 264 DoS Exec Code Overflow 2016-09-11 2017-09-03
9.3
None Remote Medium Not required Complete Complete Complete
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
6589 CVE-2016-3859 264 +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.
6590 CVE-2016-3858 119 Overflow +Priv 2016-09-11 2017-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug CR1022641.
6591 CVE-2016-3857 264 +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
6592 CVE-2016-3851 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
6593 CVE-2016-3845 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
6594 CVE-2016-3844 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
6595 CVE-2016-3843 264 Exec Code +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
6596 CVE-2016-3842 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
6597 CVE-2016-3840 264 Exec Code 2016-08-05 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
6598 CVE-2016-3833 264 Bypass 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
6599 CVE-2016-3811 264 +Priv 2016-07-11 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
6600 CVE-2016-3808 264 +Priv 2016-07-11 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.