CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2016-3762 264 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709.
652 CVE-2016-3761 200 +Info 2016-07-10 2016-07-12
2.1
None Local Low Not required Partial None None
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
653 CVE-2016-3760 20 +Priv 2016-07-10 2016-07-12
5.4
None Local Network Medium Not required Partial Partial Partial
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
654 CVE-2016-3759 200 +Info 2016-07-10 2016-07-12
5.0
None Remote Low Not required Partial None None
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
655 CVE-2016-3758 119 Overflow +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.
656 CVE-2016-3757 20 +Priv 2016-07-10 2016-07-11
5.9
None Local Medium Not required Partial Partial Complete
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.
657 CVE-2016-3756 20 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
658 CVE-2016-3755 20 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.
659 CVE-2016-3754 399 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
660 CVE-2016-3753 200 +Info 2016-07-10 2016-07-11
5.0
None Remote Low Not required Partial None None
mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.
661 CVE-2016-3752 19 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.
662 CVE-2016-3751 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
663 CVE-2016-3750 20 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
664 CVE-2016-3749 255 2016-07-10 2016-07-11
4.6
None Local Low Not required Partial Partial Partial
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
665 CVE-2016-3748 264 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
666 CVE-2016-3747 +Priv 2016-07-10 2016-07-14
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
667 CVE-2016-3746 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802.
668 CVE-2016-3745 119 Overflow +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
669 CVE-2016-3744 119 Overflow +Priv 2016-07-10 2016-07-11
4.3
None Local Network High Not required Partial Partial Partial
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.
670 CVE-2016-3743 20 DoS Exec Code Mem. Corr. 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
671 CVE-2016-3742 20 DoS Exec Code Mem. Corr. 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.
672 CVE-2016-3741 20 DoS Exec Code Mem. Corr. 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
673 CVE-2016-2508 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341.
674 CVE-2016-2507 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
675 CVE-2016-2506 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-11
10.0
None Remote Low Not required Complete Complete Complete
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
676 CVE-2016-2505 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.
677 CVE-2016-2504 264 +Priv 2016-08-05 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
678 CVE-2016-2503 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.
679 CVE-2016-2502 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.
680 CVE-2016-2501 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.
681 CVE-2016-2500 200 +Info 2016-06-12 2016-06-15
4.3
None Remote Medium Not required Partial None None
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
682 CVE-2016-2499 200 +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
683 CVE-2016-2498 200 Bypass +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
684 CVE-2016-2497 119 Overflow 2016-08-05 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.
685 CVE-2016-2496 264 2016-06-12 2016-06-14
10.0
None Remote Low Not required Complete Complete Complete
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
686 CVE-2016-2495 20 DoS 2016-06-12 2016-06-14
7.1
None Remote Medium Not required None None Complete
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.
687 CVE-2016-2494 264 +Priv 2016-06-12 2016-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
688 CVE-2016-2493 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.
689 CVE-2016-2492 264 +Priv 2016-06-12 2016-06-16
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.
690 CVE-2016-2491 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.
691 CVE-2016-2490 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.
692 CVE-2016-2489 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.
693 CVE-2016-2488 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.
694 CVE-2016-2487 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.
695 CVE-2016-2486 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371.
696 CVE-2016-2485 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793367.
697 CVE-2016-2484 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163.
698 CVE-2016-2483 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502.
699 CVE-2016-2482 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749.
700 CVE-2016-2481 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532497.
Total number of vulnerabilities : 884   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.