Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
- CPE Product: cpe:/::android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-3883 |
internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603. Published: September 11, 2016; 5:59:27 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-3881 |
The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856. Published: September 11, 2016; 5:59:25 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2016-3880 |
Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670. Published: September 11, 2016; 5:59:24 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2016-3879 |
arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. Published: September 11, 2016; 5:59:23 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2016-3878 |
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. Published: September 11, 2016; 5:59:22 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2016-3877 |
Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors. Published: September 11, 2016; 5:59:21 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-3876 |
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345. Published: September 11, 2016; 5:59:19 PM -0400 |
V3.0: 6.8 MEDIUM V2.0: 7.2 HIGH |
CVE-2016-3875 |
server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884. Published: September 11, 2016; 5:59:18 PM -0400 |
V3.0: 6.8 MEDIUM V2.0: 7.2 HIGH |
CVE-2016-3874 |
CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797. Published: September 11, 2016; 5:59:17 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3873 |
The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457. Published: September 11, 2016; 5:59:16 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3872 |
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675. Published: September 11, 2016; 5:59:15 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3871 |
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022. Published: September 11, 2016; 5:59:14 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3870 |
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804. Published: September 11, 2016; 5:59:13 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3869 |
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070. Published: September 11, 2016; 5:59:12 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3868 |
The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875. Published: September 11, 2016; 5:59:11 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3867 |
The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897. Published: September 11, 2016; 5:59:10 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3866 |
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820. Published: September 11, 2016; 5:59:09 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3865 |
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389. Published: September 11, 2016; 5:59:07 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3864 |
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117. Published: September 11, 2016; 5:59:06 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-3863 |
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888. Published: September 11, 2016; 5:59:05 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |