U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:google:android:-
There are 2,233 matching records.
Displaying matches 2,101 through 2,120.
Vuln ID Summary CVSS Severity
CVE-2016-0968

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Published: February 10, 2016; 3:59:15 PM -0500 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-0967

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Published: February 10, 2016; 3:59:14 PM -0500 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-0966

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Published: February 10, 2016; 3:59:13 PM -0500 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-0965

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Published: February 10, 2016; 3:59:12 PM -0500 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-0964

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Published: February 10, 2016; 3:59:11 PM -0500 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-8505

mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.

Published: December 08, 2015; 6:59:19 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.3 HIGH
CVE-2015-6634

The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.

Published: December 08, 2015; 6:59:18 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.3 HIGH
CVE-2015-6629

Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.

Published: December 08, 2015; 6:59:14 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2015-7190

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.

Published: November 05, 2015; 12:59:14 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2015-8074

mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.

Published: November 03, 2015; 6:59:10 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2015-6609

libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.

Published: November 03, 2015; 6:59:01 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2015-7718

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.

Published: October 06, 2015; 1:59:30 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2015-7717

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.

Published: October 06, 2015; 1:59:29 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.3 HIGH
CVE-2015-7716

libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.

Published: October 06, 2015; 1:59:28 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2015-6606

The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.

Published: October 06, 2015; 1:59:25 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.3 HIGH
CVE-2015-6605

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.

Published: October 06, 2015; 1:59:24 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2015-6604

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.

Published: October 06, 2015; 1:59:23 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2015-6603

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.

Published: October 06, 2015; 1:59:22 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2015-6601

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.

Published: October 06, 2015; 1:59:21 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2015-6600

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.

Published: October 06, 2015; 1:59:20 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH