Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8433 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192.
CVE-2016-8423 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546.
CVE-2016-8422 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426.
CVE-2016-8421 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.
CVE-2016-8420 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.
CVE-2016-8419 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.
CVE-2016-8418 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
CVE-2016-8414 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407.
CVE-2016-8411 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
CVE-2016-8396 1 Google 1 Android 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105.
CVE-2016-7991 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2026-06-17 7.8 HIGH 7.5 HIGH
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.
CVE-2016-7990 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
CVE-2016-7989 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2026-06-17 7.8 HIGH 7.5 HIGH
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.
CVE-2016-7988 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2026-06-17 7.8 HIGH 7.5 HIGH
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.
CVE-2016-7892 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7890 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.
CVE-2016-7881 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7880 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7879 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7878 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.