CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3951 CVE-2016-3912 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.
3952 CVE-2016-3911 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.
3953 CVE-2016-3910 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546.
3954 CVE-2016-3909 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.
3955 CVE-2016-3905 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449.
3956 CVE-2016-3903 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm internal bug CR 1040857.
3957 CVE-2016-3901 190 Overflow +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434.
3958 CVE-2016-3900 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260.
3959 CVE-2016-3885 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636.
3960 CVE-2016-3877 2016-09-11 2017-08-12
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.
3961 CVE-2016-3874 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797.
3962 CVE-2016-3873 264 +Priv 2016-09-11 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.
3963 CVE-2016-3872 119 Overflow +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675.
3964 CVE-2016-3871 264 Overflow +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022.
3965 CVE-2016-3870 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804.
3966 CVE-2016-3869 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.
3967 CVE-2016-3868 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.
3968 CVE-2016-3867 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.
3969 CVE-2016-3866 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
3970 CVE-2016-3865 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.
3971 CVE-2016-3864 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.
3972 CVE-2016-3862 119 DoS Exec Code Overflow Mem. Corr. 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.
3973 CVE-2016-3861 119 DoS Exec Code Overflow 2016-09-11 2017-09-02
9.3
None Remote Medium Not required Complete Complete Complete
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
3974 CVE-2016-3859 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.
3975 CVE-2016-3858 119 Overflow +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug CR1022641.
3976 CVE-2016-3857 264 +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
3977 CVE-2016-3851 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
3978 CVE-2016-3845 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
3979 CVE-2016-3844 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
3980 CVE-2016-3843 264 Exec Code +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
3981 CVE-2016-3842 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
3982 CVE-2016-3840 264 Exec Code 2016-08-05 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
3983 CVE-2016-3833 264 Bypass 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
3984 CVE-2016-3811 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
3985 CVE-2016-3808 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
3986 CVE-2016-3807 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.
3987 CVE-2016-3806 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.
3988 CVE-2016-3805 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.
3989 CVE-2016-3804 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
3990 CVE-2016-3803 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.
3991 CVE-2016-3802 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.
3992 CVE-2016-3801 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.
3993 CVE-2016-3800 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.
3994 CVE-2016-3799 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738.
3995 CVE-2016-3798 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.
3996 CVE-2016-3797 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.
3997 CVE-2016-3796 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.
3998 CVE-2016-3795 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.
3999 CVE-2016-3793 264 +Priv 2016-07-10 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.
4000 CVE-2016-3792 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.