Skip to main content
CVE-2016-3886 MEDIUM PATCH This Month

systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-3876 MEDIUM PATCH This Month

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-3875 MEDIUM PATCH This Month

server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-3889 MEDIUM PATCH This Month

Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-5155 MEDIUM This Month

Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Leap
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-5162 MEDIUM This Month

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Leap Chrome
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-5160 MEDIUM This Month

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Leap Chrome
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-5147 MEDIUM This Month

Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Microsoft Chrome
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-5148 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Microsoft Chrome
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-5165 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Microsoft Chrome Leap
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-5164 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Google Microsoft Chrome +1
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3880 MEDIUM PATCH This Month

Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-3899 MEDIUM PATCH This Month

OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-3879 MEDIUM PATCH This Month

arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-3878 MEDIUM PATCH This Month

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-3881 MEDIUM PATCH This Month

The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Google Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-3897 MEDIUM PATCH This Month

The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Java Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3894 MEDIUM PATCH This Month

The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3892 MEDIUM PATCH This Month

The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3896 MEDIUM PATCH This Month

AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3893 MEDIUM PATCH This Month

The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3895 MEDIUM PATCH This Month

Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3884 MEDIUM PATCH This Month

server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Java Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3883 MEDIUM PATCH This Month

internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Java Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3898 MEDIUM PATCH This Month

Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5163 MEDIUM This Month

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Java Microsoft Chrome +1
NVD
CVSS 3.0
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy