CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8461
https://notcve.org/view.php?id=CVE-2016-8461
12 Jan 2017 — An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621. • http://www.securityfocus.com/bid/95237 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8438
https://notcve.org/view.php?id=CVE-2016-8438
12 Jan 2017 — Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. • http://www.securityfocus.com/bid/95227 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8432
https://notcve.org/view.php?id=CVE-2016-8432
12 Jan 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. • http://www.securityfocus.com/bid/95236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8431
https://notcve.org/view.php?id=CVE-2016-8431
12 Jan 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. • http://www.securityfocus.com/bid/95236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8437
https://notcve.org/view.php?id=CVE-2016-8437
12 Jan 2017 — Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. • http://www.securityfocus.com/bid/95227 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6757
https://notcve.org/view.php?id=CVE-2016-6757
12 Jan 2017 — An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. • http://www.securityfocus.com/bid/94693 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6758
https://notcve.org/view.php?id=CVE-2016-6758
12 Jan 2017 — An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. • http://www.securityfocus.com/bid/94677 • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8394
https://notcve.org/view.php?id=CVE-2016-8394
12 Jan 2017 — An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197. • http://www.securityfocus.com/bid/94682 • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6791
https://notcve.org/view.php?id=CVE-2016-6791
12 Jan 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. • http://www.securityfocus.com/bid/94681 • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8404
https://notcve.org/view.php?id=CVE-2016-8404
12 Jan 2017 — An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950. • http://www.securityfocus.com/bid/94686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •