CVEdetails.com the ultimate security vulnerability data source

Google » Android : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
701 CVE-2016-2464 20 DoS Exec Code Mem. Corr. 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.
702 CVE-2016-2463 119 DoS Exec Code Overflow Mem. Corr. 2016-06-12 2016-06-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419.
703 CVE-2016-2462 264 2016-05-09 2016-05-10
7.6
None Remote High Not required Complete Complete Complete
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.
704 CVE-2016-2461 264 2016-05-09 2016-05-10
7.6
None Remote High Not required Complete Complete Complete
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.
705 CVE-2016-2460 200 +Info 2016-05-09 2016-05-09
4.3
None Remote Medium Not required Partial None None
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
706 CVE-2016-2459 200 +Info 2016-05-09 2016-05-09
4.3
None Remote Medium Not required Partial None None
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.
707 CVE-2016-2458 200 +Info 2016-05-09 2016-05-10
4.3
None Remote Medium Not required Partial None None
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.
708 CVE-2016-2457 264 Bypass 2016-05-09 2016-07-12
2.1
None Local Low Not required None Partial None
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.
709 CVE-2016-2456 264 +Priv 2016-05-09 2016-05-16
5.1
None Remote High Not required Partial Partial Partial
The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.
710 CVE-2016-2454 20 DoS 2016-05-09 2016-05-09
7.1
None Remote Medium Not required None None Complete
The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.
711 CVE-2016-2452 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673.
712 CVE-2016-2451 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27597103.
713 CVE-2016-2450 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635.
714 CVE-2016-2449 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958.
715 CVE-2016-2448 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704.
716 CVE-2016-2446 264 +Priv 2016-05-09 2017-08-12
7.6
None Remote High Not required Complete Complete Complete
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354.
717 CVE-2016-2445 264 +Priv 2016-05-09 2016-05-09
7.6
None Remote High Not required Complete Complete Complete
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.
718 CVE-2016-2444 264 +Priv 2016-05-09 2016-05-09
7.6
None Remote High Not required Complete Complete Complete
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332.
719 CVE-2016-2443 264 +Priv 2016-05-09 2016-05-09
7.6
None Remote High Not required Complete Complete Complete
The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525.
720 CVE-2016-2442 264 +Priv 2016-05-09 2016-08-18
7.6
None Remote High Not required Complete Complete Complete
The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.
721 CVE-2016-2441 264 +Priv 2016-05-09 2016-08-16
7.6
None Remote High Not required Complete Complete Complete
The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602.
722 CVE-2016-2440 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896.
723 CVE-2016-2439 119 Exec Code Overflow 2016-05-09 2016-05-10
5.4
None Local Network Medium Not required Partial Partial Partial
Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268.
724 CVE-2016-2437 264 +Priv 2016-05-09 2016-05-09
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822.
725 CVE-2016-2436 264 +Priv 2016-05-09 2016-05-09
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111.
726 CVE-2016-2435 264 +Priv 2016-05-09 2016-05-09
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.
727 CVE-2016-2434 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.
728 CVE-2016-2433 284 Exec Code 2017-04-21 2017-05-02
8.3
None Local Network Low Not required Complete Complete Complete
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.
729 CVE-2016-2432 264 +Priv 2016-05-09 2016-05-09
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.
730 CVE-2016-2431 264 +Priv 2016-05-09 2016-05-09
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.
731 CVE-2016-2430 264 +Priv 2016-05-09 2016-05-10
9.3
None Remote Medium Not required Complete Complete Complete
libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.
732 CVE-2016-2429 119 DoS Exec Code Overflow Mem. Corr. 2016-05-09 2016-05-10
10.0
None Remote Low Not required Complete Complete Complete
libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885.
733 CVE-2016-2428 119 DoS Exec Code Overflow Mem. Corr. 2016-05-09 2016-05-10
10.0
None Remote Low Not required Complete Complete Complete
libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.
734 CVE-2016-2427 200 +Info 2016-04-17 2016-08-18
4.3
None Remote Medium Not required Partial None None
** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed."
735 CVE-2016-2426 200 +Info 2016-04-17 2016-04-25
4.3
None Remote Medium Not required Partial None None
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635.
736 CVE-2016-2425 200 +Info 2016-04-17 2016-04-25
4.3
None Remote Medium Not required Partial None None
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.
737 CVE-2016-2424 20 DoS 2016-04-17 2016-04-25
7.1
None Remote Medium Not required None None Complete
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719.
738 CVE-2016-2423 264 Bypass 2016-04-17 2016-04-25
6.6
None Local Low Not required None Complete Complete
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.
739 CVE-2016-2422 264 +Priv 2016-04-17 2016-04-25
9.3
None Remote Medium Not required Complete Complete Complete
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357.
740 CVE-2016-2421 264 Bypass 2016-04-17 2016-04-25
6.6
None Local Low Not required None Complete Complete
Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.
741 CVE-2016-2420 264 +Priv 2016-04-17 2016-04-22
9.3
None Remote Medium Not required Complete Complete Complete
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.
742 CVE-2016-2419 264 Bypass +Info 2016-04-17 2016-04-25
10.0
None Remote Low Not required Complete Complete Complete
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
743 CVE-2016-2418 119 Overflow Bypass +Info 2016-04-17 2016-04-20
10.0
None Remote Low Not required Complete Complete Complete
media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.
744 CVE-2016-2417 264 Bypass +Info 2016-04-17 2016-04-25
10.0
None Remote Low Not required Complete Complete Complete
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
745 CVE-2016-2416 264 Bypass +Info 2016-04-17 2016-04-25
10.0
None Remote Low Not required Complete Complete Complete
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.
746 CVE-2016-2415 200 +Info 2016-04-17 2016-04-21
7.1
None Remote Medium Not required Complete None None
exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455.
747 CVE-2016-2414 20 DoS Mem. Corr. 2016-04-17 2016-04-21
4.9
None Local Low Not required None None Complete
The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.
748 CVE-2016-2413 264 +Priv 2016-04-17 2016-04-21
9.3
None Remote Medium Not required Complete Complete Complete
media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.
749 CVE-2016-2412 264 +Priv 2016-04-17 2016-04-22
9.3
None Remote Medium Not required Complete Complete Complete
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
750 CVE-2016-2411 20 +Priv 2016-04-17 2016-04-19
9.3
None Remote Medium Not required Complete Complete Complete
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
Total number of vulnerabilities: 884 (page 15 of 18)