Max CVSS 10.0 Min CVSS 3.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-9322 7.2
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t
17-01-2023 - 21:29 17-12-2014 - 11:59
CVE-2015-1805 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a den
05-01-2018 - 02:30 08-08-2015 - 10:59
CVE-2016-0834 10.0
An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.
19-10-2017 - 01:30 18-04-2016 - 00:59
CVE-2016-1503 10.0
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of s
10-09-2017 - 01:29 18-04-2016 - 00:59
CVE-2016-2417 10.0
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process
08-09-2017 - 01:29 18-04-2016 - 00:59
CVE-2016-0846 7.2
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted a
08-09-2017 - 01:29 18-04-2016 - 00:59
CVE-2014-6060 3.3
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be proc
23-06-2016 - 11:56 04-09-2014 - 17:55
CVE-2016-2425 4.3
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted appl
25-04-2016 - 13:17 18-04-2016 - 00:59
CVE-2016-2423 6.6
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to by
25-04-2016 - 13:08 18-04-2016 - 00:59
CVE-2016-2421 6.6
Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.
25-04-2016 - 13:06 18-04-2016 - 00:59
CVE-2016-2416 10.0
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive infor
25-04-2016 - 12:54 18-04-2016 - 00:59
CVE-2016-2424 7.1
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot l
25-04-2016 - 12:53 18-04-2016 - 00:59
CVE-2016-2426 4.3
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive info
25-04-2016 - 12:50 18-04-2016 - 00:59
CVE-2016-2422 9.3
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demon
25-04-2016 - 12:48 18-04-2016 - 00:59
CVE-2016-2419 10.0
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified prote
25-04-2016 - 12:47 18-04-2016 - 00:59
CVE-2016-2420 9.3
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.
22-04-2016 - 15:23 18-04-2016 - 00:59
CVE-2016-2412 9.3
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted applicat
22-04-2016 - 14:41 18-04-2016 - 00:59
CVE-2016-2414 4.9
The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot lo
21-04-2016 - 15:24 18-04-2016 - 00:59
CVE-2016-2413 9.3
media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtainin
21-04-2016 - 15:17 18-04-2016 - 00:59
CVE-2016-2409 9.3
A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.
21-04-2016 - 14:00 18-04-2016 - 00:59
CVE-2016-2415 7.1
exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that t
21-04-2016 - 13:54 18-04-2016 - 00:59
CVE-2016-0850 5.8
The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 265
21-04-2016 - 13:29 18-04-2016 - 00:59
CVE-2016-0847 7.2
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSy
21-04-2016 - 13:23 18-04-2016 - 00:59
CVE-2016-2410 6.9
A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.
20-04-2016 - 19:29 18-04-2016 - 00:59
CVE-2016-0849 7.2
Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature
20-04-2016 - 19:26 18-04-2016 - 00:59
CVE-2016-0848 7.2
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink tar
20-04-2016 - 19:24 18-04-2016 - 00:59
CVE-2016-0844 7.2
The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.
20-04-2016 - 19:17 18-04-2016 - 00:59
CVE-2016-0843 7.2
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.
20-04-2016 - 19:12 18-04-2016 - 00:59
CVE-2016-0841 10.0
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cau
20-04-2016 - 18:58 18-04-2016 - 00:59
CVE-2016-0839 10.0
post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka inte
20-04-2016 - 18:57 18-04-2016 - 00:59
CVE-2016-0837 10.0
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and
20-04-2016 - 18:57 18-04-2016 - 00:59
CVE-2016-0838 10.0
Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of servic
20-04-2016 - 18:52 18-04-2016 - 00:59
CVE-2016-0835 10.0
decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal
20-04-2016 - 18:50 18-04-2016 - 00:59
CVE-2016-0842 10.0
The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted me
20-04-2016 - 16:43 18-04-2016 - 00:59
CVE-2016-0840 10.0
Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka int
20-04-2016 - 16:41 18-04-2016 - 00:59
CVE-2016-2418 10.0
media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protectio
20-04-2016 - 15:40 18-04-2016 - 00:59
CVE-2016-0836 10.0
Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 2581259
20-04-2016 - 02:51 18-04-2016 - 00:59
CVE-2016-2411 9.3
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
20-04-2016 - 01:22 18-04-2016 - 00:59
Back to Top Mark selected
Back to Top