Google Android 5.0.1

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*

part: o version: 5.0.1 update: *

VendorGoogle (f181d1eb-7269-5bae-b76e-e66ceb214562)
ProductAndroid (e58fd905-14d0-5c08-b14d-4d3138d61b03)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/aosp-mirror purl2cpe 2026-06-01 10:16:38.588822
pkg:googlesource/android purl2cpe 2026-06-01 10:16:38.588824

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-30162 vulnerable 2026-06-03 14:44:27.396026 Details available
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
Published: 2021-04-06T07:18:19.000Z
Updated: 2024-08-03T22:24:59.443Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25381 not_vulnerable 2026-06-03 14:44:05.237375 db.gcve.eu returned HTTP 503. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25343 not_vulnerable 2026-06-03 14:44:05.156541 db.gcve.eu returned HTTP 503. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25342 not_vulnerable 2026-06-03 14:44:05.144632 db.gcve.eu returned HTTP 503. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-21087 vulnerable 2026-06-03 14:38:40.136782 Details available
An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).
Published: 2020-04-08T14:43:17.000Z
Updated: 2024-08-05T12:19:27.653Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-21086 vulnerable 2026-06-03 14:38:40.136182 Details available
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).
Published: 2020-04-08T14:45:02.000Z
Updated: 2024-08-05T12:19:27.610Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-21085 vulnerable 2026-06-03 14:38:40.135697 Details available
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).
Published: 2020-04-08T14:45:46.000Z
Updated: 2024-08-05T12:19:27.593Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-21079 vulnerable 2026-06-03 14:38:40.131190 Details available
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).
Published: 2020-04-08T17:03:10.000Z
Updated: 2024-08-05T12:19:27.603Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18648 vulnerable 2026-06-03 14:36:57.358681 Details available
An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017).
Published: 2020-04-07T15:56:17.000Z
Updated: 2024-08-05T21:28:55.954Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0845 vulnerable 2026-06-03 14:36:19.351896 Details available
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
Published: 2017-11-16T23:00:00.000Z
Updated: 2024-09-17T03:13:02.310Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0823 vulnerable 2026-06-03 14:36:19.344141 Details available
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-17T01:52:06.144Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0817 vulnerable 2026-06-03 14:36:19.341525 Details available
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-16T23:32:00.603Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0816 vulnerable 2026-06-03 14:36:19.340613 Details available
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-17T04:14:14.194Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0815 vulnerable 2026-06-03 14:36:19.339710 Details available
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-17T03:17:45.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0814 vulnerable 2026-06-03 14:36:19.338706 Details available
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-16T20:07:50.076Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0811 vulnerable 2026-06-03 14:36:19.337043 Details available
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-17T02:42:08.660Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0809 vulnerable 2026-06-03 14:36:19.335961 Details available
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.
Published: 2017-10-03T21:00:00.000Z
Updated: 2024-09-16T21:03:42.960Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0805 vulnerable 2026-06-03 14:36:19.333683 Details available
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.
Published: 2017-08-24T00:00:00.000Z
Updated: 2024-09-16T20:57:36.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0785 vulnerable 2026-06-03 14:36:19.327293 Details available
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
Published: 2017-09-14T19:00:00.000Z
Updated: 2024-09-16T23:20:57.466Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0784 vulnerable 2026-06-03 14:36:19.326294 Details available
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T03:17:36.000Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0783 vulnerable 2026-06-03 14:36:19.325739 Details available
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
Published: 2017-09-14T19:00:00.000Z
Updated: 2024-09-17T04:18:51.494Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0782 vulnerable 2026-06-03 14:36:19.324806 Details available
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.
Published: 2017-09-14T19:00:00.000Z
Updated: 2024-09-17T03:17:52.858Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0781 vulnerable 2026-06-03 14:36:19.323811 Details available
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
Published: 2017-09-14T19:00:00.000Z
Updated: 2024-09-16T19:09:06.188Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0779 vulnerable 2026-06-03 14:36:19.322468 Details available
A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T22:21:09.689Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0778 vulnerable 2026-06-03 14:36:19.321584 Details available
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T03:53:40.182Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0777 vulnerable 2026-06-03 14:36:19.320989 Details available
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T17:08:53.178Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0775 vulnerable 2026-06-03 14:36:19.319694 Details available
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T02:00:57.493Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0774 vulnerable 2026-06-03 14:36:19.318793 Details available
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T22:56:35.565Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0773 vulnerable 2026-06-03 14:36:19.317834 Details available
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T16:48:38.302Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0770 vulnerable 2026-06-03 14:36:19.316515 Details available
A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T00:41:34.716Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0768 vulnerable 2026-06-03 14:36:19.315174 Details available
A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T17:17:55.287Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0767 vulnerable 2026-06-03 14:36:19.314310 Details available
A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T22:46:17.004Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0766 vulnerable 2026-06-03 14:36:19.313417 Details available
A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T23:01:10.445Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0764 vulnerable 2026-06-03 14:36:19.312022 Details available
A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T20:01:29.221Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0763 vulnerable 2026-06-03 14:36:19.311096 Details available
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T01:31:47.672Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0762 vulnerable 2026-06-03 14:36:19.310557 Details available
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T03:17:37.999Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0758 vulnerable 2026-06-03 14:36:19.308676 Details available
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T22:45:24.351Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0756 vulnerable 2026-06-03 14:36:19.307696 Details available
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-17T02:36:50.163Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0755 vulnerable 2026-06-03 14:36:19.306718 Details available
A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T18:14:38.169Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0752 vulnerable 2026-06-03 14:36:19.192702 Details available
A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
Published: 2017-09-08T20:00:00.000Z
Updated: 2024-09-16T19:26:02.830Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0745 vulnerable 2026-06-03 14:36:19.189725 Details available
A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T18:18:41.031Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0739 vulnerable 2026-06-03 14:36:19.187448 Details available
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T00:45:58.919Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0738 vulnerable 2026-06-03 14:36:19.186860 Details available
A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T23:16:45.235Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0737 vulnerable 2026-06-03 14:36:19.185886 Details available
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T19:14:41.407Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0733 vulnerable 2026-06-03 14:36:19.183519 Details available
A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T01:35:57.672Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0731 vulnerable 2026-06-03 14:36:19.182538 Details available
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T02:16:12.894Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0729 vulnerable 2026-06-03 14:36:19.181203 Details available
A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T18:55:56.459Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0728 vulnerable 2026-06-03 14:36:19.180674 Details available
A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T02:32:18.094Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0726 vulnerable 2026-06-03 14:36:19.179793 Details available
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T17:09:12.595Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0722 vulnerable 2026-06-03 14:36:19.177695 Details available
A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T16:33:10.227Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0720 vulnerable 2026-06-03 14:36:19.176396 Details available
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T01:41:01.988Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0714 vulnerable 2026-06-03 14:36:19.173472 Details available
A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-16T23:36:25.854Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0713 vulnerable 2026-06-03 14:36:19.172560 Details available
A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T01:26:08.494Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0712 vulnerable 2026-06-03 14:36:19.171545 Details available
A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.
Published: 2017-08-09T21:00:00.000Z
Updated: 2024-09-17T04:14:24.267Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0603 vulnerable 2026-06-03 14:36:19.137245 Details available
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.611Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0602 vulnerable 2026-06-03 14:36:19.136260 Details available
An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.797Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0600 vulnerable 2026-06-03 14:36:19.134996 Details available
A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.601Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0598 vulnerable 2026-06-03 14:36:19.133622 Details available
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.565Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0597 vulnerable 2026-06-03 14:36:19.132730 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.631Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0596 vulnerable 2026-06-03 14:36:19.131841 Details available
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.803Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0595 vulnerable 2026-06-03 14:36:19.130891 Details available
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.687Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0594 vulnerable 2026-06-03 14:36:19.129985 Details available
An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.852Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0592 vulnerable 2026-06-03 14:36:19.128649 Details available
A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.700Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0590 vulnerable 2026-06-03 14:36:19.127231 Details available
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.743Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0589 vulnerable 2026-06-03 14:36:19.126671 Details available
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.534Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0588 vulnerable 2026-06-03 14:36:19.126107 Details available
A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.
Published: 2017-05-12T15:00:00.000Z
Updated: 2024-08-05T13:11:06.800Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0560 vulnerable 2026-06-03 14:36:19.102679 Details available
An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.066Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0559 vulnerable 2026-06-03 14:36:19.101777 Details available
An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.352Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0558 vulnerable 2026-06-03 14:36:19.100817 Details available
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.270Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0554 vulnerable 2026-06-03 14:36:19.098556 Details available
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.393Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0553 vulnerable 2026-06-03 14:36:19.097646 Details available
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.544Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0547 vulnerable 2026-06-03 14:36:19.007935 Details available
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.148Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0546 vulnerable 2026-06-03 14:36:19.006927 Details available
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0545 vulnerable 2026-06-03 14:36:19.005754 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.283Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0544 vulnerable 2026-06-03 14:36:19.005232 Details available
An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.071Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0541 vulnerable 2026-06-03 14:36:19.003464 Details available
A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.116Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0540 vulnerable 2026-06-03 14:36:19.002549 Details available
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.174Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0539 vulnerable 2026-06-03 14:36:19.001987 Details available
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.
Published: 2017-04-07T22:00:00.000Z
Updated: 2024-08-05T13:11:06.159Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0499 vulnerable 2026-06-03 14:36:18.990490 Details available
A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.983Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0498 vulnerable 2026-06-03 14:36:18.989981 Details available
A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.615Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0496 vulnerable 2026-06-03 14:36:18.989165 Details available
A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.814Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0491 vulnerable 2026-06-03 14:36:18.987120 Details available
An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.579Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0489 vulnerable 2026-06-03 14:36:18.985804 Details available
An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.764Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0483 vulnerable 2026-06-03 14:36:18.982596 Details available
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.587Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0481 vulnerable 2026-06-03 14:36:18.981697 Details available
An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.809Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0480 vulnerable 2026-06-03 14:36:18.980773 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.647Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0479 vulnerable 2026-06-03 14:36:18.979911 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.591Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0478 vulnerable 2026-06-03 14:36:18.979045 Details available
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:06.011Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0475 vulnerable 2026-06-03 14:36:18.977739 Details available
An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369.
Published: 2017-03-08T01:00:00.000Z
Updated: 2024-08-05T13:11:05.515Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0425 vulnerable 2026-06-03 14:36:18.960390 Details available
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.212Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0423 vulnerable 2026-06-03 14:36:18.959101 Details available
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.152Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0422 vulnerable 2026-06-03 14:36:18.958508 Details available
A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.174Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0421 vulnerable 2026-06-03 14:36:18.957651 Details available
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.187Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0420 vulnerable 2026-06-03 14:36:18.957124 Details available
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.164Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0419 vulnerable 2026-06-03 14:36:18.956247 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.148Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0418 vulnerable 2026-06-03 14:36:18.955321 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.197Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0417 vulnerable 2026-06-03 14:36:18.954446 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.149Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0416 vulnerable 2026-06-03 14:36:18.953574 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.107Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0410 vulnerable 2026-06-03 14:36:18.950704 Details available
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765.
Published: 2017-02-08T15:00:00.000Z
Updated: 2024-08-05T13:03:57.145Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0400 vulnerable 2026-06-03 14:36:18.920104 Details available
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.025Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0397 vulnerable 2026-06-03 14:36:18.918474 Details available
An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.083Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0396 vulnerable 2026-06-03 14:36:18.917552 Details available
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.083Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0395 vulnerable 2026-06-03 14:36:18.916688 Details available
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.052Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0394 vulnerable 2026-06-03 14:36:18.915830 Details available
A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.054Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0393 vulnerable 2026-06-03 14:36:18.915322 Details available
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.061Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0392 vulnerable 2026-06-03 14:36:18.914385 Details available
A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:56.975Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0390 vulnerable 2026-06-03 14:36:18.913125 Details available
A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.016Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0387 vulnerable 2026-06-03 14:36:18.911432 Details available
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:56.980Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0386 vulnerable 2026-06-03 14:36:18.910921 Details available
An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.059Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0385 vulnerable 2026-06-03 14:36:18.910402 Details available
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.080Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0384 vulnerable 2026-06-03 14:36:18.909421 Details available
An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:56.998Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0382 vulnerable 2026-06-03 14:36:18.897278 Details available
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.051Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0381 vulnerable 2026-06-03 14:36:18.892499 Details available
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.
Published: 2017-01-12T20:00:00.000Z
Updated: 2024-08-05T13:03:57.096Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-7991 vulnerable 2026-06-03 14:36:08.771937 Details available
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.
Published: 2016-10-31T10:00:00.000Z
Updated: 2024-08-06T02:13:21.791Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-7990 vulnerable 2026-06-03 14:36:08.771229 Details available
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
Published: 2016-10-31T10:00:00.000Z
Updated: 2024-08-06T02:13:21.617Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-7989 vulnerable 2026-06-03 14:36:08.770483 Details available
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.
Published: 2016-10-31T10:00:00.000Z
Updated: 2024-08-06T02:13:21.260Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-7988 vulnerable 2026-06-03 14:36:08.764843 Details available
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.
Published: 2016-10-31T10:00:00.000Z
Updated: 2024-08-06T02:13:21.422Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6772 vulnerable 2026-06-03 14:36:06.053178 Details available
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.891Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6770 vulnerable 2026-06-03 14:36:06.052319 Details available
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.715Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6769 vulnerable 2026-06-03 14:36:06.051494 Details available
An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.836Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6768 vulnerable 2026-06-03 14:36:06.050958 Details available
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:38.167Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6766 vulnerable 2026-06-03 14:36:06.049804 Details available
A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.790Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6765 vulnerable 2026-06-03 14:36:06.048988 Details available
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.779Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6764 vulnerable 2026-06-03 14:36:06.048040 Details available
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:38.141Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6763 vulnerable 2026-06-03 14:36:06.047095 Details available
A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.900Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6762 vulnerable 2026-06-03 14:36:06.033177 Details available
An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826.
Published: 2017-01-12T15:00:00.000Z
Updated: 2024-08-06T01:43:37.851Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6754 vulnerable 2026-06-03 14:36:06.027361 Details available
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.
Published: 2016-11-25T16:00:00.000Z
Updated: 2024-08-06T01:43:37.841Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6712 vulnerable 2026-06-03 14:36:01.149609 Details available
A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593752.
Published: 2016-12-13T19:00:00.000Z
Updated: 2024-08-06T01:36:29.585Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6711 vulnerable 2026-06-03 14:36:01.148879 Details available
A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765.
Published: 2016-12-13T19:00:00.000Z
Updated: 2024-08-06T01:36:29.542Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6703 vulnerable 2026-06-03 14:36:01.145756 Details available
A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246.
Published: 2016-11-25T16:00:00.000Z
Updated: 2024-08-06T01:36:29.368Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6702 vulnerable 2026-06-03 14:36:01.144916 Details available
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.
Published: 2016-11-25T16:00:00.000Z
Updated: 2024-08-06T01:36:29.563Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6700 vulnerable 2026-06-03 14:36:01.143899 Details available
An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186.
Published: 2016-11-25T16:00:00.000Z
Updated: 2024-08-06T01:36:29.425Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6604 not_vulnerable 2026-06-03 14:36:00.765780 Details available
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.
Published: 2017-01-30T22:00:00.000Z
Updated: 2024-08-06T01:36:28.498Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5348 vulnerable 2026-06-03 14:35:54.973426 Details available
The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-09-17T02:21:28.324Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3924 vulnerable 2026-06-03 14:35:46.757382 Details available
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.891Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3921 vulnerable 2026-06-03 14:35:46.755904 Details available
libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.884Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3920 vulnerable 2026-06-03 14:35:46.755134 Details available
id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.875Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3918 vulnerable 2026-06-03 14:35:46.754641 Details available
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.877Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3916 vulnerable 2026-06-03 14:35:46.753541 Details available
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.854Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3915 vulnerable 2026-06-03 14:35:46.752728 Details available
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.857Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3914 vulnerable 2026-06-03 14:35:46.751954 Details available
Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.872Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3913 vulnerable 2026-06-03 14:35:46.751201 Details available
media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.882Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3912 vulnerable 2026-06-03 14:35:46.750422 Details available
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.779Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3911 vulnerable 2026-06-03 14:35:46.749576 Details available
core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.900Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3910 vulnerable 2026-06-03 14:35:46.748794 Details available
services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.860Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3909 vulnerable 2026-06-03 14:35:46.748356 Details available
The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.802Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3900 vulnerable 2026-06-03 14:35:46.708721 Details available
cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260.
Published: 2016-10-10T10:00:00.000Z
Updated: 2024-08-06T00:10:31.821Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3899 vulnerable 2026-06-03 14:35:46.708183 Details available
OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.785Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3898 vulnerable 2026-06-03 14:35:46.707412 Details available
Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.765Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3897 vulnerable 2026-06-03 14:35:46.706987 Details available
The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25624963.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.842Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3896 vulnerable 2026-06-03 14:35:46.706228 Details available
AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.801Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3890 vulnerable 2026-06-03 14:35:46.704140 Details available
The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.755Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3888 vulnerable 2026-06-03 14:35:46.702964 Details available
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.805Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3885 vulnerable 2026-06-03 14:35:46.701570 Details available
debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.664Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3883 vulnerable 2026-06-03 14:35:46.700726 Details available
internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.685Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3881 vulnerable 2026-06-03 14:35:46.699466 Details available
The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.322Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3880 vulnerable 2026-06-03 14:35:46.698640 Details available
Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.389Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3879 vulnerable 2026-06-03 14:35:46.697844 Details available
arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.298Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3872 vulnerable 2026-06-03 14:35:46.694867 Details available
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.390Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3871 vulnerable 2026-06-03 14:35:46.694016 Details available
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.553Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3870 vulnerable 2026-06-03 14:35:46.693042 Details available
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.263Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3863 vulnerable 2026-06-03 14:35:46.690510 Details available
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.218Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3862 vulnerable 2026-06-03 14:35:46.689730 Details available
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.381Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3861 vulnerable 2026-06-03 14:35:46.628267 Details available
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
Published: 2016-09-11T21:00:00.000Z
Updated: 2024-08-06T00:10:31.316Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3840 vulnerable 2026-06-03 14:35:46.621438 Details available
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.194Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3839 vulnerable 2026-06-03 14:35:46.620694 Details available
Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.165Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3837 vulnerable 2026-06-03 14:35:46.619536 Details available
service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:30.996Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3836 vulnerable 2026-06-03 14:35:46.619123 Details available
The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.080Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3835 vulnerable 2026-06-03 14:35:46.618707 Details available
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.296Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3834 vulnerable 2026-06-03 14:35:46.617949 Details available
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.182Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3833 vulnerable 2026-06-03 14:35:46.617211 Details available
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.284Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3832 vulnerable 2026-06-03 14:35:46.616344 Details available
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:30.987Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3831 vulnerable 2026-06-03 14:35:46.615622 Details available
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.193Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3830 vulnerable 2026-06-03 14:35:46.614880 Details available
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.147Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3826 vulnerable 2026-06-03 14:35:46.613145 Details available
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.145Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3825 vulnerable 2026-06-03 14:35:46.612405 Details available
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.072Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3824 vulnerable 2026-06-03 14:35:46.612003 Details available
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.141Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3823 vulnerable 2026-06-03 14:35:46.611278 Details available
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:30.970Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3822 vulnerable 2026-06-03 14:35:46.610442 Details available
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.186Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3821 vulnerable 2026-06-03 14:35:46.609680 Details available
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:30.826Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3819 vulnerable 2026-06-03 14:35:46.608614 Details available
Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-06T00:10:31.175Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3766 vulnerable 2026-06-03 14:35:46.597741 Details available
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28471206.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.481Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3764 vulnerable 2026-06-03 14:35:46.596629 Details available
media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.450Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3763 vulnerable 2026-06-03 14:35:46.595919 Details available
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.493Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3762 vulnerable 2026-06-03 14:35:46.595205 Details available
The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.527Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3761 vulnerable 2026-06-03 14:35:46.594803 Details available
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.573Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3760 vulnerable 2026-06-03 14:35:46.594001 Details available
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.457Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3759 vulnerable 2026-06-03 14:35:46.593576 Details available
The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.457Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3758 vulnerable 2026-06-03 14:35:46.593192 Details available
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.548Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3757 vulnerable 2026-06-03 14:35:46.592474 Details available
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.573Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3756 vulnerable 2026-06-03 14:35:46.591736 Details available
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.428Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3754 vulnerable 2026-06-03 14:35:46.590604 Details available
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.455Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3751 vulnerable 2026-06-03 14:35:46.588863 Details available
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.421Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3750 vulnerable 2026-06-03 14:35:46.576741 Details available
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.486Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3747 vulnerable 2026-06-03 14:35:46.575382 Details available
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.534Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3746 vulnerable 2026-06-03 14:35:46.574664 Details available
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27890802.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.592Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3745 vulnerable 2026-06-03 14:35:46.573862 Details available
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.550Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3744 vulnerable 2026-06-03 14:35:46.573116 Details available
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-06T00:03:34.574Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2508 vulnerable 2026-06-03 14:35:43.037725 Details available
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-05T23:32:20.347Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2507 vulnerable 2026-06-03 14:35:43.036765 Details available
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-05T23:32:20.466Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2506 vulnerable 2026-06-03 14:35:43.035678 Details available
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
Published: 2016-07-11T01:00:00.000Z
Updated: 2024-08-05T23:32:20.468Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2500 vulnerable 2026-06-03 14:35:43.032887 Details available
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.336Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2499 vulnerable 2026-06-03 14:35:43.032353 Details available
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.465Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2497 vulnerable 2026-06-03 14:35:42.986527 Details available
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.
Published: 2016-08-05T20:00:00.000Z
Updated: 2024-08-05T23:32:20.125Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2495 vulnerable 2026-06-03 14:35:42.984958 Details available
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.466Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2494 vulnerable 2026-06-03 14:35:42.983907 Details available
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.088Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2487 vulnerable 2026-06-03 14:35:42.980827 Details available
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.438Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2486 vulnerable 2026-06-03 14:35:42.979964 Details available
mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.224Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2485 vulnerable 2026-06-03 14:35:42.979048 Details available
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793367.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.063Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2484 vulnerable 2026-06-03 14:35:42.978203 Details available
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.075Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2483 vulnerable 2026-06-03 14:35:42.977381 Details available
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.086Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2482 vulnerable 2026-06-03 14:35:42.976543 Details available
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.364Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2481 vulnerable 2026-06-03 14:35:42.975529 Details available
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532497.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.326Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2480 vulnerable 2026-06-03 14:35:42.974696 Details available
The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.143Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2479 vulnerable 2026-06-03 14:35:42.973843 Details available
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532282.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.122Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2478 vulnerable 2026-06-03 14:35:42.972986 Details available
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.239Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2477 vulnerable 2026-06-03 14:35:42.972060 Details available
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.142Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2476 vulnerable 2026-06-03 14:35:42.971225 Details available
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27207275.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.469Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2464 vulnerable 2026-06-03 14:35:42.966334 Details available
libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.318Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2463 vulnerable 2026-06-03 14:35:42.965442 Details available
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419.
Published: 2016-06-13T01:00:00.000Z
Updated: 2024-08-05T23:32:20.143Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2460 vulnerable 2026-06-03 14:35:42.963642 Details available
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27555981.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.167Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2459 vulnerable 2026-06-03 14:35:42.958439 Details available
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.151Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2458 vulnerable 2026-06-03 14:35:42.953200 Details available
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java, aka internal bug 27335139.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.444Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2457 vulnerable 2026-06-03 14:35:42.952684 Details available
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.081Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2452 vulnerable 2026-06-03 14:35:42.935312 Details available
codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.554Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2451 vulnerable 2026-06-03 14:35:42.934324 Details available
codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27597103.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.465Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2450 vulnerable 2026-06-03 14:35:42.933391 Details available
codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.236Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2449 vulnerable 2026-06-03 14:35:42.932361 Details available
services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.073Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2448 vulnerable 2026-06-03 14:35:42.931391 Details available
media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:32:20.314Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2440 vulnerable 2026-06-03 14:35:42.918932 Details available
libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:24:49.359Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2439 vulnerable 2026-06-03 14:35:42.917951 Details available
Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:24:49.381Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2430 vulnerable 2026-06-03 14:35:42.897933 Details available
libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:24:49.353Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2429 vulnerable 2026-06-03 14:35:42.896952 Details available
libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:24:49.357Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2428 vulnerable 2026-06-03 14:35:42.895955 Details available
libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.
Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-05T23:24:49.371Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2427 vulnerable 2026-06-03 14:35:42.892764 Details available
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding (12 bytes) can lead to vulnerabilities. After careful consideration, it was decided that the insecure default value of 12 bytes was a default only for the encoding and not default anywhere else in Android, and hence no vulnerability existed.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.369Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2426 vulnerable 2026-06-03 14:35:42.861560 Details available
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.351Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2425 vulnerable 2026-06-03 14:35:42.860215 Details available
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.343Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2424 vulnerable 2026-06-03 14:35:42.858066 Details available
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.340Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2423 vulnerable 2026-06-03 14:35:42.856056 Details available
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.287Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2422 vulnerable 2026-06-03 14:35:42.854264 Details available
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.281Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2420 vulnerable 2026-06-03 14:35:42.852571 Details available
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.362Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2417 vulnerable 2026-06-03 14:35:42.849260 Details available
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2416 vulnerable 2026-06-03 14:35:42.847274 Details available
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.341Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2415 vulnerable 2026-06-03 14:35:42.845337 Details available
exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.309Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2414 vulnerable 2026-06-03 14:35:42.844762 Details available
The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.320Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2413 vulnerable 2026-06-03 14:35:42.843873 Details available
media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.271Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2412 vulnerable 2026-06-03 14:35:42.837887 Details available
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T23:24:49.290Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2108 vulnerable 2026-06-03 14:35:36.751956 Details available
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Published: 2016-05-05T00:00:00.000Z
Updated: 2024-08-05T23:17:50.714Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2107 vulnerable 2026-06-03 14:35:36.742192 Details available
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Published: 2016-05-05T00:00:00.000Z
Updated: 2024-08-05T23:17:50.633Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-1621 vulnerable 2026-06-03 14:35:35.626769 Details available
libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T23:02:12.181Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-1503 vulnerable 2026-06-03 14:35:35.394265 Details available
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:55:14.649Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-1155 vulnerable 2026-06-03 14:35:30.787681 db.gcve.eu returned HTTP 503. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0850 vulnerable 2026-06-03 14:35:22.431884 Details available
The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.125Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0849 vulnerable 2026-06-03 14:35:22.430902 Details available
Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.064Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0848 vulnerable 2026-06-03 14:35:22.430226 Details available
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.034Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0847 vulnerable 2026-06-03 14:35:22.429009 Details available
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.131Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0846 vulnerable 2026-06-03 14:35:22.428485 Details available
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.106Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0843 vulnerable 2026-06-03 14:35:22.427015 Details available
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.033Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0841 vulnerable 2026-06-03 14:35:22.425618 Details available
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.149Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0838 vulnerable 2026-06-03 14:35:22.423554 Details available
Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.062Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0837 vulnerable 2026-06-03 14:35:22.422607 Details available
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621.
Published: 2016-04-18T00:00:00.000Z
Updated: 2024-08-05T22:30:05.204Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0832 vulnerable 2026-06-03 14:35:22.376722 Details available
Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.164Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0831 vulnerable 2026-06-03 14:35:22.376135 Details available
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.135Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0829 vulnerable 2026-06-03 14:35:22.375185 Details available
The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.052Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0828 vulnerable 2026-06-03 14:35:22.374129 Details available
The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.042Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0827 vulnerable 2026-06-03 14:35:22.373452 Details available
Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.071Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0826 vulnerable 2026-06-03 14:35:22.372440 Details available
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.147Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0819 vulnerable 2026-06-03 14:35:22.368714 Details available
The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.099Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0818 vulnerable 2026-06-03 14:35:22.367650 Details available
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:04.993Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0815 vulnerable 2026-06-03 14:35:22.366221 Details available
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349.
Published: 2016-03-12T21:00:00.000Z
Updated: 2024-08-05T22:30:05.148Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0810 vulnerable 2026-06-03 14:35:22.363734 Details available
media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.
Published: 2016-02-07T01:00:00.000Z
Updated: 2024-08-05T22:30:05.161Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0808 vulnerable 2026-06-03 14:35:22.362310 Details available
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.
Published: 2016-02-07T01:00:00.000Z
Updated: 2024-08-05T22:30:05.035Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0806 vulnerable 2026-06-03 14:35:22.361276 Details available
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
Published: 2016-02-07T01:00:00.000Z
Updated: 2024-08-05T22:30:05.054Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0805 vulnerable 2026-06-03 14:35:22.357899 Details available
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
Published: 2016-02-07T01:00:00.000Z
Updated: 2024-08-05T22:30:05.163Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0804 vulnerable 2026-06-03 14:35:22.356264 Details available
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
Published: 2016-02-07T01:00:00.000Z
Updated: 2024-08-05T22:30:05.047Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0803 vulnerable 2026-06-03 14:35:22.355556 Details available
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
Published: 2016-02-07T01:00:00.000Z
Updated: 2024-08-05T22:30:05.172Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0728 vulnerable 2026-06-03 14:35:21.965370 Details available
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Published: 2016-02-08T02:00:00.000Z
Updated: 2024-08-05T22:30:03.960Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0705 vulnerable 2026-06-03 14:35:21.806556 Details available
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Published: 2016-03-03T00:00:00.000Z
Updated: 2024-08-05T22:30:04.546Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-6647 vulnerable 2026-06-03 14:35:02.572019 Details available
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
Published: 2016-01-06T00:00:00.000Z
Updated: 2025-02-13T16:27:13.475Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-6645 vulnerable 2026-06-03 14:35:02.571305 Details available
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
Published: 2016-01-06T19:00:00.000Z
Updated: 2024-08-06T07:29:24.026Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-6644 vulnerable 2026-06-03 14:35:02.570197 Details available
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Published: 2016-01-06T19:00:00.000Z
Updated: 2024-08-06T07:29:24.276Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-3854 vulnerable 2026-06-03 14:34:50.629840 Details available
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.
Published: 2016-08-07T21:00:00.000Z
Updated: 2024-08-06T05:56:15.908Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-1805 vulnerable 2026-06-03 14:34:40.148758 Details available
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Published: 2015-08-08T10:00:00.000Z
Updated: 2024-08-06T04:54:16.310Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-7921 vulnerable 2026-06-03 14:34:16.745858 Details available
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
Published: 2017-04-13T15:00:00.000Z
Updated: 2024-08-06T13:03:27.669Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-7920 vulnerable 2026-06-03 14:34:16.744643 db.gcve.eu returned HTTP 503. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.