Google Inc Android vulnerabilities

CVE-2016-6724 [MEDIUM] CWE-284 CVE-2016-6724: A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x be A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requi

CVE-2016-6749 [MEDIUM] CWE-200 CVE-2016-6749: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged

CVE-2016-6721 [MEDIUM] CWE-200 CVE-2016-6721: An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 befo An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-30875060.

CVE-2016-6708 [MEDIUM] CWE-254 CVE-2016-6708: An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local mal An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465.

CVE-2016-6719 [MEDIUM] CWE-275 CVE-2016-6719: An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0. An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user

CVE-2016-6718 [MEDIUM] CWE-200 CVE-2016-6718: An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11 An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require

CVE-2016-6751 [MEDIUM] CWE-200 CVE-2016-6751: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged

CVE-2016-6710 [MEDIUM] CWE-200 CVE-2016-6710: An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used

CVE-2016-6698 [MEDIUM] CWE-200 CVE-2016-6698: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged

CVE-2016-6747 [MEDIUM] CWE-284 CVE-2016-6747: A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attack A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2016-6747.

CVE-2016-6709 [MEDIUM] CWE-200 CVE-2016-6709: An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission.

CVE-2016-6723 [MEDIUM] CWE-284 CVE-2016-6723: A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0 A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuratio

CVE-2016-3907 [MEDIUM] CWE-200 CVE-2016-3907: An information disclosure vulnerability in Qualcomm components including the GPU driver, power drive An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged

CVE-2016-6714 [MEDIUM] CWE-284 CVE-2016-6714: A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 bef A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462.

CVE-2016-6713 [MEDIUM] CWE-284 CVE-2016-6713: A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 bef A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755.

CVE-2016-6746 [MEDIUM] CWE-200 CVE-2016-6746: An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Android ID: A-30955105. References: NVIDIA N-CVE-2016-67

CVE-2016-6716 [MEDIUM] CWE-284 CVE-2016-6716: An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally r

CVE-2016-6715 [MEDIUM] CWE-275 CVE-2016-6715: An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x bef An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction req

CVE-2016-6753 [MEDIUM] CWE-200 CVE-2016-6753: An information disclosure vulnerability in kernel components, including the process-grouping subsyst An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Androi