Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0808 1 Google 1 Android 2026-06-17 4.9 MEDIUM 6.2 MEDIUM
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.
CVE-2016-0807 1 Google 1 Android 2026-06-17 7.2 HIGH 8.4 HIGH
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.
CVE-2016-0806 1 Google 1 Android 2026-06-17 7.2 HIGH 8.4 HIGH
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
CVE-2016-0805 1 Google 1 Android 2026-06-17 7.2 HIGH 8.4 HIGH
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
CVE-2016-0804 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
CVE-2016-0803 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
CVE-2016-0802 2 Apple, Google 5 Iphone Os, Mac Os X, Tvos and 2 more 2026-06-17 8.3 HIGH 8.8 HIGH
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
CVE-2016-0801 2 Apple, Google 5 Iphone Os, Mac Os X, Tvos and 2 more 2026-06-17 8.3 HIGH 9.8 CRITICAL
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
CVE-2016-0774 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 5.6 MEDIUM 6.8 MEDIUM
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
CVE-2016-0728 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Android and 2 more 2026-06-17 7.2 HIGH 7.8 HIGH
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
CVE-2016-0705 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Android and 2 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
CVE-2015-9547 1 Google 1 Android 2026-06-17 7.8 HIGH 7.5 HIGH
An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015).
CVE-2015-9546 1 Google 1 Android 2026-06-17 5.8 MEDIUM 4.8 MEDIUM
An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).
CVE-2015-9073 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
CVE-2015-9072 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
CVE-2015-9071 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
CVE-2015-9070 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
CVE-2015-9069 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.
CVE-2015-9068 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.
CVE-2015-9067 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.