CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4501 CVE-2016-3867 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.
4502 CVE-2016-3866 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
4503 CVE-2016-3865 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.
4504 CVE-2016-3864 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.
4505 CVE-2016-3862 119 DoS Exec Code Overflow Mem. Corr. 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.
4506 CVE-2016-3861 119 DoS Exec Code Overflow 2016-09-11 2017-09-02
9.3
None Remote Medium Not required Complete Complete Complete
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
4507 CVE-2016-3859 264 +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.
4508 CVE-2016-3858 119 Overflow +Priv 2016-09-11 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug CR1022641.
4509 CVE-2016-3857 264 +Priv 2016-08-05 2016-08-10
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
4510 CVE-2016-3851 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
4511 CVE-2016-3845 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
4512 CVE-2016-3844 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
4513 CVE-2016-3843 264 Exec Code +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
4514 CVE-2016-3842 264 +Priv 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
4515 CVE-2016-3840 264 Exec Code 2016-08-05 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
4516 CVE-2016-3833 264 Bypass 2016-08-05 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
4517 CVE-2016-3832 264 Bypass 2016-08-05 2016-11-28
8.3
None Remote Medium Not required Partial Partial Complete
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
4518 CVE-2016-3811 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
4519 CVE-2016-3808 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
4520 CVE-2016-3807 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.
4521 CVE-2016-3806 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.
4522 CVE-2016-3805 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.
4523 CVE-2016-3804 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
4524 CVE-2016-3803 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.
4525 CVE-2016-3802 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.
4526 CVE-2016-3801 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.
4527 CVE-2016-3800 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.
4528 CVE-2016-3799 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738.
4529 CVE-2016-3798 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.
4530 CVE-2016-3797 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.
4531 CVE-2016-3796 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.
4532 CVE-2016-3795 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.
4533 CVE-2016-3793 264 +Priv 2016-07-10 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.
4534 CVE-2016-3792 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.
4535 CVE-2016-3775 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279.
4536 CVE-2016-3774 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.
4537 CVE-2016-3773 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.
4538 CVE-2016-3772 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102.
4539 CVE-2016-3771 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102.
4540 CVE-2016-3770 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.
4541 CVE-2016-3769 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.
4542 CVE-2016-3768 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.
4543 CVE-2016-3767 399 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526.
4544 CVE-2016-3762 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709.
4545 CVE-2016-3758 119 Overflow +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.
4546 CVE-2016-3747 +Priv 2016-07-10 2016-07-14
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
4547 CVE-2016-3737 20 Exec Code 2016-08-02 2017-11-02
9.0
None Remote Low Not required Partial Partial Complete
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
4548 CVE-2016-3714 20 Exec Code 2016-05-05 2019-04-15
10.0
None Remote Low Not required Complete Complete Complete
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
4549 CVE-2016-3681 119 DoS Overflow +Priv 2016-05-26 2016-05-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021.
4550 CVE-2016-3680 119 DoS Overflow +Priv 2016-05-26 2016-05-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.