CVEdetails.com the ultimate security vulnerability data source

Google » Android : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
601 CVE-2016-3814 200 +Info 2016-07-10 2016-07-12
4.3
None Remote Medium Not required Partial None None
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.
602 CVE-2016-3813 200 +Info 2016-07-10 2016-07-12
4.3
None Remote Medium Not required Partial None None
The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.
603 CVE-2016-3812 200 +Info 2016-07-10 2016-07-12
4.3
None Remote Medium Not required Partial None None
The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.
604 CVE-2016-3811 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
605 CVE-2016-3810 200 +Info 2016-07-10 2016-07-12
4.3
None Remote Medium Not required Partial None None
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.
606 CVE-2016-3809 200 +Info 2016-07-10 2016-07-12
4.3
None Remote Medium Not required Partial None None
The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.
607 CVE-2016-3808 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
608 CVE-2016-3807 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.
609 CVE-2016-3806 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.
610 CVE-2016-3805 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.
611 CVE-2016-3804 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
612 CVE-2016-3803 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.
613 CVE-2016-3802 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.
614 CVE-2016-3801 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.
615 CVE-2016-3800 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.
616 CVE-2016-3799 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738.
617 CVE-2016-3798 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.
618 CVE-2016-3797 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.
619 CVE-2016-3796 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.
620 CVE-2016-3795 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.
621 CVE-2016-3793 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.
622 CVE-2016-3792 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.
623 CVE-2016-3775 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279.
624 CVE-2016-3774 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.
625 CVE-2016-3773 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.
626 CVE-2016-3772 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102.
627 CVE-2016-3771 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102.
628 CVE-2016-3770 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.
629 CVE-2016-3769 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.
630 CVE-2016-3768 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.
631 CVE-2016-3767 399 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526.
632 CVE-2016-3766 20 DoS 2016-07-10 2016-07-12
7.8
None Remote Low Not required None None Complete
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28471206.
633 CVE-2016-3765 200 DoS +Info 2016-07-10 2016-07-12
6.4
None Remote Low Not required Partial None Partial
decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.
634 CVE-2016-3764 20 +Info 2016-07-10 2016-07-12
5.0
None Remote Low Not required Partial None None
media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.
635 CVE-2016-3763 20 2016-07-10 2016-07-12
5.0
None Remote Low Not required Partial None None
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.
636 CVE-2016-3762 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709.
637 CVE-2016-3761 200 +Info 2016-07-10 2016-07-12
2.1
None Local Low Not required Partial None None
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
638 CVE-2016-3760 20 +Priv 2016-07-10 2016-07-12
5.4
None Local Network Medium Not required Partial Partial Partial
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
639 CVE-2016-3759 200 +Info 2016-07-10 2016-07-12
5.0
None Remote Low Not required Partial None None
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
640 CVE-2016-3758 119 Overflow +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.
641 CVE-2016-3757 20 +Priv 2016-07-10 2016-07-11
5.9
None Local Medium Not required Partial Partial Complete
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.
642 CVE-2016-3756 20 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
643 CVE-2016-3755 20 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.
644 CVE-2016-3754 399 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
645 CVE-2016-3753 200 +Info 2016-07-10 2016-07-11
5.0
None Remote Low Not required Partial None None
mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.
646 CVE-2016-3752 19 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.
647 CVE-2016-3751 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
648 CVE-2016-3750 20 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
649 CVE-2016-3749 255 2016-07-10 2016-07-11
4.6
None Local Low Not required Partial Partial Partial
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
650 CVE-2016-3748 264 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
Total number of vulnerabilities: 884 (page 13 of 18)