Google Inc Android vulnerabilities

CVE-2016-6702 [HIGH] CWE-284 CVE-2016-6702: A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, an A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjp

CVE-2016-6733 [HIGH] CWE-264 CVE-2016-6733: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6744 [HIGH] CWE-264 CVE-2016-6744: An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-1 An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485.

CVE-2016-6732 [HIGH] CWE-264 CVE-2016-6732: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6700 [HIGH] CWE-264 CVE-2016-6700: An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0. An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require ref

CVE-2016-6737 [HIGH] CWE-264 CVE-2016-6737: An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 cou An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair

CVE-2016-6736 [HIGH] CWE-264 CVE-2016-6736: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6729 [HIGH] CWE-264 CVE-2016-6729: An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 coul An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair t

CVE-2016-6717 [HIGH] CWE-264 CVE-2016-6717: An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0 An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitatio

CVE-2016-6703 [HIGH] CWE-284 CVE-2016-6703: A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0 A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote cod

CVE-2016-6734 [HIGH] CWE-264 CVE-2016-6734: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6701 [HIGH] CWE-119 CVE-2016-6701: A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an at A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.

CVE-2016-6707 [HIGH] CWE-264 CVE-2016-6707: An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 be An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally acc

CVE-2016-6704 [HIGH] CWE-264 CVE-2016-6704: An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0 An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local ac

CVE-2016-3904 [HIGH] CWE-264 CVE-2016-3904: An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 coul An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455.

CVE-2016-6730 [HIGH] CWE-264 CVE-2016-6730: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the

CVE-2016-6738 [HIGH] CWE-264 CVE-2016-6738: An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016- An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#105053

CVE-2016-6748 [MEDIUM] CWE-200 CVE-2016-6748: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged

CVE-2016-6750 [MEDIUM] CWE-200 CVE-2016-6750: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged

CVE-2016-6752 [MEDIUM] CWE-200 CVE-2016-6752: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged