Google: >> Android >> 4.0.4 Security Vulnerabilities
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-07-11
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-07-11
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-07-11
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-07-11
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-06-13
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.
CVSS Score
5.5
EPSS Score
0.003
Published
2016-06-13
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
CVSS Score
7.8
EPSS Score
0.011
Published
2016-06-13
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-06-13
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-06-13
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-06-13