CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2016-3761 200 +Info 2016-07-10 2016-07-12
2.1
None Local Low Not required Partial None None
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
952 CVE-2016-3760 20 +Priv 2016-07-10 2016-07-12
5.4
None Local Network Medium Not required Partial Partial Partial
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
953 CVE-2016-3759 200 +Info 2016-07-10 2016-07-12
5.0
None Remote Low Not required Partial None None
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
954 CVE-2016-3758 119 Overflow +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.
955 CVE-2016-3757 20 +Priv 2016-07-10 2016-07-11
5.9
None Local Medium Not required Partial Partial Complete
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.
956 CVE-2016-3756 20 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
957 CVE-2016-3755 20 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.
958 CVE-2016-3754 399 DoS 2016-07-10 2016-07-11
7.8
None Remote Low Not required None None Complete
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
959 CVE-2016-3753 200 +Info 2016-07-10 2016-07-11
5.0
None Remote Low Not required Partial None None
mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.
960 CVE-2016-3752 19 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.
961 CVE-2016-3751 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
962 CVE-2016-3750 20 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
963 CVE-2016-3749 255 2016-07-10 2016-07-11
4.6
None Local Low Not required Partial Partial Partial
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
964 CVE-2016-3748 264 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
965 CVE-2016-3747 +Priv 2016-07-10 2016-07-14
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
966 CVE-2016-3746 +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802.
967 CVE-2016-3745 119 Overflow +Priv 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
968 CVE-2016-3744 119 Overflow +Priv 2016-07-10 2016-07-11
4.3
None Local Network High Not required Partial Partial Partial
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.
969 CVE-2016-3743 20 DoS Exec Code Mem. Corr. 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
970 CVE-2016-3742 20 DoS Exec Code Mem. Corr. 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.
971 CVE-2016-3741 20 DoS Exec Code Mem. Corr. 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
972 CVE-2016-2508 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341.
973 CVE-2016-2507 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
974 CVE-2016-2506 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-11
10.0
None Remote Low Not required Complete Complete Complete
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
975 CVE-2016-2505 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.
976 CVE-2016-2504 264 +Priv 2016-08-05 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
977 CVE-2016-2503 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.
978 CVE-2016-2502 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.
979 CVE-2016-2501 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.
980 CVE-2016-2500 200 +Info 2016-06-12 2016-06-15
4.3
None Remote Medium Not required Partial None None
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
981 CVE-2016-2499 200 +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
982 CVE-2016-2498 200 Bypass +Info 2016-06-12 2016-06-14
4.3
None Remote Medium Not required Partial None None
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
983 CVE-2016-2497 119 Overflow 2016-08-05 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.
984 CVE-2016-2496 264 2016-06-12 2016-06-14
10.0
None Remote Low Not required Complete Complete Complete
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
985 CVE-2016-2495 20 DoS 2016-06-12 2016-06-14
7.1
None Remote Medium Not required None None Complete
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.
986 CVE-2016-2494 264 +Priv 2016-06-12 2016-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
987 CVE-2016-2493 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.
988 CVE-2016-2492 264 +Priv 2016-06-12 2016-06-16
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.
989 CVE-2016-2491 264 +Priv 2016-06-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.
990 CVE-2016-2490 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.
991 CVE-2016-2489 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.
992 CVE-2016-2488 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.
993 CVE-2016-2487 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.
994 CVE-2016-2486 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371.
995 CVE-2016-2485 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793367.
996 CVE-2016-2484 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163.
997 CVE-2016-2483 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502.
998 CVE-2016-2482 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749.
999 CVE-2016-2481 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532497.
1000 CVE-2016-2480 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721.
Total number of vulnerabilities : 1092   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (This Page)21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.