Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15355 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6612 1 Google 1 Android 2026-06-17 9.3 HIGH N/A
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.
CVE-2015-6611 1 Google 1 Android 2026-06-17 5.0 MEDIUM N/A
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074.
CVE-2015-6610 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
CVE-2015-6609 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
CVE-2015-6608 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073.
CVE-2015-6607 2 Google, Sqlite 2 Android, Sqlite 2026-06-17 6.8 MEDIUM N/A
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
CVE-2015-6606 1 Google 1 Android 2026-06-17 9.3 HIGH N/A
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.
CVE-2015-6605 1 Google 1 Android 2026-06-17 5.0 MEDIUM N/A
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
CVE-2015-6604 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
CVE-2015-6603 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
CVE-2015-6602 1 Google 1 Android 2026-06-17 9.3 HIGH N/A
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
CVE-2015-6601 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
CVE-2015-6600 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
CVE-2015-6599 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
CVE-2015-6598 1 Google 1 Android 2026-06-17 10.0 HIGH N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
CVE-2015-6596 1 Google 1 Android 2026-06-17 9.3 HIGH N/A
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
CVE-2015-6583 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM N/A
Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.
CVE-2015-6582 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM N/A
The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site.
CVE-2015-6581 1 Google 1 Chrome 2026-06-17 7.5 HIGH N/A
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
CVE-2015-6580 1 Google 2 Chrome, V8 2026-06-17 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.