CVE-2016-3896
- EPSS 0.48%
- Veröffentlicht 11.09.2016 21:59:40
- Zuletzt bearbeitet 06.05.2026 22:30:45
AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.
CVE-2016-3895
- EPSS 0.45%
- Veröffentlicht 11.09.2016 21:59:39
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.
CVE-2016-3894
- EPSS 0.41%
- Veröffentlicht 11.09.2016 21:59:38
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033.
CVE-2016-3893
- EPSS 0.5%
- Veröffentlicht 11.09.2016 21:59:37
- Zuletzt bearbeitet 06.05.2026 22:30:45
The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a ...
CVE-2016-3892
- EPSS 0.49%
- Veröffentlicht 11.09.2016 21:59:36
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197.
CVE-2016-3890
- EPSS 0.75%
- Veröffentlicht 11.09.2016 21:59:35
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a c...
CVE-2016-3889
- EPSS 0.24%
- Veröffentlicht 11.09.2016 21:59:33
- Zuletzt bearbeitet 06.05.2026 22:30:45
Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Se...
CVE-2016-3888
- EPSS 0.18%
- Veröffentlicht 11.09.2016 21:59:32
- Zuletzt bearbeitet 06.05.2026 22:30:45
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechan...
CVE-2016-3887
- EPSS 0.48%
- Veröffentlicht 11.09.2016 21:59:31
- Zuletzt bearbeitet 06.05.2026 22:30:45
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712...
CVE-2016-3886
- EPSS 0.2%
- Veröffentlicht 11.09.2016 21:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka in...