2016.md

Open

• CVE-2015-3864 (works on Android 2.2 up­to 4.0 and 5.0 to 5.1)
• Perception Point CVE-2016-0728
• Java-Script-v8-Engine exploit in Chrome Browser, no CVE (yet?)
• AppLock
• Google Maps API (mostly after each new update)
• Remote local compatibility check
• SS7, which is unfortunately vulnerable affect everyone (Man-in-the-Middle" (MitM) attacks)
• China’s awful internet speed has spread malware to millions of smartphones (qz.com) - several CVE's?
• Memexploit, Framaroot & ExynosAbuse all based on the ShiftyBug, Shuanet and Shedun families.
• Stagefighter reloaded on Android lower as 5
• BadKernel
• Pork Explosion Unleashed

Closed

• CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752 - Information disclosure vulnerability in Qualcomm components
• CVE-2016-6753, CVE-2016-7917 - Information disclosure vulnerability in kernel components
• CVE-2016-6747 - Denial of service vulnerability in Mediaserver
• CVE-2016-6746 - Information disclosure vulnerability in NVIDIA GPU driver
• CVE-2015-8964, CVE-2016-7914, CVE-2016-7915, CVE-2016-7916 - Information disclosure vulnerability in kernel components
• CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-6743 - Elevation of privilege vulnerability in Synaptics touchscreen driver
• CVE-2016-3904 - Elevation of privilege vulnerability in Qualcomm bus driver
• CVE-2016-6739, CVE-2016-6740, CVE-2016-6741 - Elevation of privilege vulnerability in Qualcomm camera driver
• CVE-2016-6738 - Elevation of privilege vulnerability in Qualcomm crypto engine driver
• CVE-2016-6136 - Elevation of privilege vulnerability in kernel system-call auditing subsystem
• CVE-2015-8963 - Elevation of privilege vulnerability in kernel performance subsystem
• CVE-2014-9675 - Remote code execution vulnerability in Freetype
• CVE-2016-6754 - Remote code execution vulnerability in Webview
• CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283 - Remote code execution vulnerability in Expat
• CVE-2016-6726, CVE-2016-6727 - Vulnerabilities in Qualcomm components
• CVE-2016-6737 - Elevation of privilege vulnerability in kernel ION subsystem
• CVE-2016-2184 - Elevation of privilege vulnerability in kernel sound subsystem
• CVE-2016-6828 - Elevation of privilege vulnerability in kernel networking subsystem
• CVE-2016-6730 up tp CVE-2016-6736 - Elevation of privilege vulnerability in NVIDIA GPU driver
• CVE-2016-6729 - Elevation of privilege vulnerability in Qualcomm bootloader
• CVE-2016-6728 - Elevation of privilege vulnerability in kernel ION subsystem
• CVE-2016-7912 - Elevation of privilege vulnerability in kernel USB driver
• CVE-2016-7913 - Elevation of privilege vulnerability in kernel media driver
• CVE-2015-8962 - Elevation of privilege vulnerability in kernel SCSI driver
• CVE-2015-8961, CVE-2016-7910, CVE-2016-7911 - Elevation of privilege vulnerability in kernel file system
• CVE-2016-6725 - Remote code execution vulnerability in Qualcomm crypto driver
• CVE-2016-6724 - Denial of service vulnerability in Input Manager Service
• CVE-2016-6723 - Denial of service vulnerability in Proxy Auto Config
• CVE-2016-6720, CVE-2016-6721, CVE-2016-6722 - Information disclosure vulnerability in Mediaserver
• CVE-2016-6719 - Elevation of privilege vulnerability in Bluetooth
• CVE-2016-6718 - Elevation of privilege vulnerability in Account Manager Service
• CVE-2016-6717 - Elevation of privilege vulnerability in Mediaserver
• CVE-2016-6716 - Elevation of privilege vulnerability in AOSP Launcher
• CVE-2016-6715 - Elevation of privilege vulnerability in Framework APIs
• CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714 - Denial of service vulnerability in Mediaserver
• CVE-2015-0410 - Denial of service vulnerability in OpenJDK
• CVE-2014-9908 - Denial of service vulnerability in Bluetooth
• CVE-2016-6710 - Information disclosure vulnerability in download manager
• CVE-2016-6709 - Information disclosure vulnerability in Conscrypt and BoringSSL
• CVE-2016-6708 - Elevation of privilege vulnerability in System UI
• CVE-2016-6707 - Elevation of privilege vulnerability in System Server
• CVE-2016-6704, CVE-2016-6705, CVE-2016-6706 - Elevation of privilege vulnerability in Mediaserver
• CVE-2016-6703 - Remote code execution vulnerability in Android runtime
• CVE-2016-6702 - Remote code execution vulnerability in libjpeg
• CVE-2016-6701 - Remote code execution vulnerability in Skia
• CVE-2016-6700 - Elevation of privilege vulnerability in libzipfile
• CVE-2016-6699 - Remote code execution vulnerability in Mediaserver
• Dirty-Cow-Root-Exploit & Video demonstration
• CVE-2016-6691, CVE-2016-6692, CVE-2016-6693, CVE-2016-6694, CVE-2016-6695, CVE-2016-6696, CVE-2016-5344, CVE-2016-5343 - Vulnerabilities in Qualcomm components
• CVE-2016-6690 - Denial of service vulnerability in kernel sound driver
• CVE-2016-5696 - Denial of service vulnerability in kernel networking subsystem
• CVE-2016-6689 - Information disclosure vulnerability in kernel
• CVE-2016-6686, CVE-2016-6687, CVE-2016-6688 - Information disclosure vulnerability in NVIDIA profiler
• CVE-2016-6683, CVE-2016-6684, CVE-2015-8956, CVE-2016-6685 - Information disclosure vulnerability in kernel components
• CVE-2016-6679, CVE-2016-3902, CVE-2016-6680, CVE-2016-6681, CVE-2016-6682 - Information disclosure vulnerability in Qualcomm components
• CVE-2016-6678 - Information disclosure vulnerability in Motorola USBNet driver
• CVE-2016-3860 - Information disclosure vulnerability in Qualcomm sound driver
• CVE-2015-0572 - Elevation of privilege vulnerability in Qualcomm character driver
• CVE-2016-6677 - Information disclosure vulnerability in NVIDIA GPU driver
• CVE-2015-8950 - Information disclosure vulnerability in kernel ION subsystem
• CVE-2015-8955 - Elevation of privilege vulnerability in kernel performance subsystem
• CVE-2016-3905, CVE-2016-6675, CVE-2016-6676, CVE-2016-5342 - Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
• CVE-2016-6674 - Elevation of privilege vulnerability in system_server
• CVE-2016-6673 - Elevation of privilege vulnerability in NVIDIA camera driver
• CVE-2016-3940, CVE-2016-6672 - Elevation of privilege vulnerability in Synaptics touchscreen driver
• CVE-2016-3938, CVE-2016-3939 - Elevation of privilege vulnerability in Qualcomm video driver
• CVE-2016-3936, CVE-2016-3937 - Elevation of privilege vulnerability in MediaTek video driver
• CVE-2016-3901, CVE-2016-3935 - Elevation of privilege vulnerability in Qualcomm crypto engine driver
• CVE-2015-8951 - Elevation of privilege vulnerability in Qualcomm sound driver
• CVE-2016-3903, CVE-2016-3934 - Elevation of privilege vulnerability in Qualcomm camera driver
• CVE-2016-3932, CVE-2016-3933 - Elevation of privilege vulnerability in Mediaserver
• CVE-2016-3931 - Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver
• CVE-2016-3930 - Elevation of privilege vulnerability in NVIDIA MMC test driver
• CVE-2016-2059 - Elevation of privilege vulnerability in Qualcomm networking component
• CVE-2016-3926, CVE-2016-3927, CVE-2016-3929 - Vulnerabilities in Qualcomm components
• CVE-2016-5340 - Elevation of privilege vulnerability in kernel shared memory driver
• CVE-2016-3928 - Elevation of privilege vulnerability in MediaTek video driver
• CVE-2016-7117 - Remote code execution vulnerability in kernel networking subsystem
• CVE-2016-0758 - Remote code execution vulnerability in kernel ASN.1 decoder
• CVE-2016-3925 - Denial of service vulnerability in Wi-Fi
• CVE-2016-3924 - Information disclosure vulnerability in Mediaserver
• CVE-2016-3923 - Elevation of privilege vulnerability in Accessibility services
• CVE-2016-3922 - Elevation of privilege vulnerability in Telephony
• CVE-2016-3921 - Elevation of privilege vulnerability in Framework Listener
• CVE-2016-3920 - Denial of service vulnerability in Mediaserver
• CVE-2016-5348 - Denial of service vulnerability in GPS
• CVE-2016-3882 - Denial of service vulnerability in Wi-Fi
• CVE-2016-3918 - Information disclosure vulnerability in AOSP Mail
• CVE-2016-3917 - Elevation of privilege vulnerability in fingerprint login
• CVE-2016-3915, CVE-2016-3916 - Elevation of privilege vulnerability in Camera service
• CVE-2016-3914 - Elevation of privilege vulnerability in Telephony
• CVE-2016-3912 - Elevation of privilege vulnerability in framework APIs
• CVE-2016-3911 - Elevation of privilege vulnerability in Zygote process
• CVE-2016-3909, CVE-2016-3910, CVE-2016-3913 - Elevation of privilege vulnerability in Mediaserver
• CVE-2016-3908 - Elevation of privilege vulnerability in Lock Settings Service
• CVE-2016-3900 - Elevation of privilege vulnerability in ServiceManager
• CVE-2015-6647
• CVE-2016-5696
• CVE-2016-2059 - Elevation of privilege vulnerability in Qualcomm networking component
• CVE-2016-5340 - Elevation of privilege vulnerability in kernel shared memory subsystem
• CVE-2016-2469 - Vulnerabilities in Qualcomm components
• CVE-2015-2922 - Denial of service vulnerability in kernel networking subsystem
• CVE-2016-4998 - Information disclosure vulnerability in kernel networking subsystem
• CVE-2016-3894 - Information disclosure vulnerability in Qualcomm DMA component
• CVE-2016-3893 - Information disclosure vulnerability in Qualcomm sound codec
• CVE-2016-3892 - Information disclosure vulnerability in Qualcomm SPMI driver
• CVE-2015-8839 - Denial of service vulnerability in kernel ext4 file system
• CVE-2015-1465, CVE-2015-5364 - Denial of service vulnerability in kernel networking subsystem
• CVE-2016-3874 - Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
• CVE-2016-3873 - Elevation of privilege vulnerability in NVIDIA kernel
• CVE-2016-1583 - Elevation of privilege vulnerability in kernel eCryptfs filesystem
• CVE-2016-3869 - Elevation of privilege vulnerability in Broadcom Wi-Fi driver
• CVE-2016-3868 - Elevation of privilege vulnerability in Qualcomm power driver
• CVE-2016-3867 - Elevation of privilege vulnerability in Qualcomm IPA driver
• CVE-2016-3866 - Elevation of privilege vulnerability in Qualcomm sound driver
• CVE-2016-3859 - Elevation of privilege vulnerability in Qualcomm camera driver
• CVE-2016-3865 - Elevation of privilege vulnerability in Synaptics touchscreen driver
• CVE-2016-4805 - Elevation of privilege vulnerability in kernel networking driver
• CVE-2016-3858 - Elevation of privilege vulnerability in Qualcomm subsystem driver
• CVE-2016-3864 - Elevation of privilege vulnerability in Qualcomm radio interface layer
• CVE-2016-2053 - Elevation of privilege vulnerability in kernel ASN.1 decoder
• CVE-2014-4655 - Elevation of privilege vulnerability in kernel sound subsystem
• CVE-2016-3951 - Elevation of privilege vulnerability in kernel USB driver
• CVE-2016-3134 - Elevation of privilege vulnerability in kernel netfilter subsystem
• CVE-2013-7446 - Elevation of privilege vulnerability in kernel networking subsystem
• CVE-2014-9529, CVE-2016-4470 - Elevation of privilege vulnerability in kernel security subsystem
• CVE-2016-3898 - Denial of service vulnerability in Telephony
• CVE-2016-3897 - Information disclosure vulnerability in Wi-Fi
• CVE-2016-3896 - Information disclosure vulnerability in AOSP Mail
• CVE-2016-3895 - Information disclosure vulnerability in Mediaserver
• CVE-2016-3890 - Elevation of privilege vulnerability in Java Debug Wire Protocol
• CVE-2016-3889 - Elevation of privilege vulnerability in Settings
• CVE-2016-3888 - Elevation of privilege vulnerability in SMS
• CVE-2016-3887 - Elevation of privilege vulnerability in Settings
• CVE-2016-3885 - Elevation of privilege vulnerability in System UI Tuner
• CVE-2016-3884 - Elevation of privilege vulnerability in Notification Manager Service
• CVE-2016-3883 - Elevation of privilege vulnerability in Telephony
• CVE-2016-3899, CVE-2016-3878, CVE-2016-3879, CVE-2016-3880, CVE-2016-3881 - Denial of service vulnerability in Mediaserver
• CVE-2016-3876 - Elevation of privilege vulnerability in Settings
• CVE-2016-3875 - Elevation of privilege vulnerability in device boot
• CVE-2016-3870 up to CVE-2016-3872 - Elevation of privilege vulnerability in Mediaserver
• CVE-2016-3863 - Remote code execution vulnerability in MediaMuxer
• CVE-2016-3862 - Remote code execution vulnerability in Mediaserver
• CVE-2016-3861 - Remote code execution vulnerability in LibUtils
• CVE-2014-9798 & CVE-2015-8893 - Denial of service vulnerability in Qualcomm bootloader (Device specific)
• CVE-2016-0723 - Information disclosure vulnerability in kernel teletype driver (Device specific)
• CVE-2016-3816 - Information disclosure vulnerability in MediaTek display driver (Device specific)
• CVE-2016-3814 & CVE-2016-3815 - Information disclosure vulnerability in NVIDIA camera driver (Device specific)
• CVE-2016-3813 - Information disclosure vulnerability in Qualcomm USB driver (Device specific)
• CVE-2016-3812 - Information disclosure vulnerability in MediaTek video codec driver (Device specific)
• CVE-2016-3811 - Elevation of privilege vulnerability in kernel video driver (Device specific)
• CVE-2016-3810 - Information disclosure vulnerability in MediaTek Wi-Fi driver (Device specific)
• CVE-2016-3809 - Information disclosure vulnerability in networking component (Device specific)
• CVE-2014-9803 - Elevation of privilege vulnerability in kernel (Device specific)
• CVE-2016-2068 - Elevation of privilege vulnerability in Qualcomm sound driver (Device specific)
• CVE-2016-3807 & CVE-2016-3808 - Elevation of privilege vulnerability in serial peripheral interface driver (Device specific)
• CVE-2016-3806 - Elevation of privilege vulnerability in MediaTek display driver (Device specific)
• CVE-2016-3804 & CVE-2016-3805 - Elevation of privilege vulnerability in MediaTek power management driver (Device specific)
• CVE-2016-3802 & CVE-2016-3803 - Elevation of privilege vulnerability in kernel file system (Device specific)
• CVE-2016-3801 - Elevation of privilege vulnerability in MediaTek GPS driver (Device specific)
• CVE-2016-3799 & CVE-2016-3800 - Elevation of privilege vulnerability in MediaTek video driver (Device specific)
• CVE-2016-3798 - Elevation of privilege vulnerability in MediaTek hardware sensor driver (Device specific)
• CVE-2016-3797 - Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device specific)
• CVE-2016-3795 & CVE-2016-3796 - Elevation of privilege vulnerability in MediaTek power driver (Device specific)
• CVE-2016-3793 - Elevation of privilege vulnerability in NVIDIA camera driver (Device specific)
• CVE-2016-2501 - Elevation of privilege vulnerability in Qualcomm camera driver (Device specific)
• CVE-2016-3792 - Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device specific)
• CVE-2016-2502 - Elevation of privilege vulnerability in Qualcomm USB driver (Device specific)
• CVE-2014-9794 up to CVE-2015-8890 - Elevation of privilege vulnerability in Qualcomm components (Device specific) (OEM specific)
• CVE-2015-8816 - Elevation of privilege vulnerability in USB driver (Device specific) (all OS)
• CVE-2016-3775 - Elevation of privilege vulnerability in kernel file system (Device specific) (all OS)
• CVE-2016-3770 up to CVE-2016-3774 - Elevation of privilege vulnerability in MediaTek drivers (Device specific)
• CVE-2016-3769 - Elevation of privilege vulnerability in NVIDIA video driver (Device specific)
• CVE-2016-3768 - Elevation of privilege vulnerability in Qualcomm performance component (Device specific)
• CVE-2016-3767 - Elevation of privilege vulnerability in MediaTek Wi-Fi driver (Device specific)
• CVE-2016-2503 & CVE-2016-2067 - Elevation of privilege vulnerability in Qualcomm GPU driver (Device specific)
• CVE-2016-3766 - Denial of service vulnerability in Mediaserver
• CVE-2016-3764 & CVE-2016-3765 - Information disclosure vulnerability in Mediaserver
• CVE-2016-3763 - Information disclosure vulnerability in Proxy Auto-Config
• CVE-2016-3762 - Elevation of privilege vulnerability in sockets
• CVE-2016-3761 - Elevation of privilege vulnerability in NFC
• CVE-2016-3760 - Elevation of privilege vulnerability in Bluetooth
• CVE-2016-3759 - Elevation of privilege vulnerability in Framework APIs
• CVE-2016-3758 - Elevation of privilege vulnerability in DexClassLoader
• CVE-2016-3757 - Elevation of privilege vulnerability in lsof
• CVE-2016-3818 - Denial of service vulnerability in libc
• CVE-2016-3754 up to CVE-2016-3756 - Denial of service vulnerability in Mediaserver
• CVE-2016-2107 - Information disclosure vulnerability in OpenSSL
• CVE-2016-3753 - Information disclosure vulnerability in Mediaserver
• CVE-2016-3752 - Elevation of privilege vulnerability in ChooserTarget service
• CVE-2016-3750 - Elevation of privilege vulnerability in Framework APIs
• CVE-2016-3749 - Elevation of privilege vulnerability in LockSettingsService
• CVE-2016-3748 - Elevation of privilege vulnerability in sockets
• CVE-2016-3745 up to CVE-2016-3747 - Elevation of privilege vulnerability in Mediaserver (Android 4 & 5/6)
• CVE-2016-3751 - Elevation of privilege vulnerability in libpng
• CVE-2016-3744 - Remote code execution vulnerability in Bluetooth
• CVE-2016-2108 - Remote code execution vulnerability in OpenSSL & BoringSSL (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1)
• CVE-2016-2506, CVE-2016-2505, CVE-2016-2507, CVE-2016-2508, CVE-2016-3741, CVE-2016-3742 & CVE-2016-3743 - Remote code execution vulnerability in Mediaserver (all OS)
• CVE-2016-2500 - Information Disclosure Vulnerability in Activity Manager
• CVE-2016-2499 - Information Disclosure Vulnerability in Mediaserver
• CVE-2016-2498 - Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver
• CVE-2016-2496 - Elevation of Privilege Vulnerability in Framework UI
• CVE-2016-2495 - Remote Denial of Service Vulnerability in Mediaserver
• CVE-2016-2493 - Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver
• CVE-2016-2494 - Elevation of Privilege Vulnerability in SD Card Emulation Layer
• CVE-2016-2492 - Elevation of Privilege Vulnerability in MediaTek Power Management Driver
• CVE-2016-2470 up to CVE-2016-2473 (4!) - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• CVE-2016-2490 & CVE-2016-2491 - Elevation of Privilege Vulnerability in NVIDIA Camera Driver
• CVE-2016-2489 - Elevation of Privilege Vulnerability in Qualcomm Video Driver
• CVE-2016-2061 & CVE-2016-2488 - Elevation of Privilege Vulnerability in Qualcomm Camera Driver
• CVE-2016-2476 up to 2487 (12!) - Elevation of Privilege Vulnerability in Mediaserver
• CVE-2016-2066 & CVE-2016-2469 - Elevation of Privilege Vulnerability in Qualcomm Sound Driver
• CVE-2016-2475 - Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver
• CVE-2016-2474 - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• CVE-2016-2468 & CVE-2016-2062 - Elevation of Privilege Vulnerability in Qualcomm GPU Driver
• CVE-2016-2466 & CVE-2016-2467 - Elevation of Privilege Vulnerability in Qualcomm Sound Driver
• CVE-2016-2465 - Elevation of Privilege Vulnerability in Qualcomm Video Driver
• CVE-2016-2464 - Remote Code Execution Vulnerabilities in libwebm
• CVE-2016-2463 - Remote Code Execution Vulnerability in Mediaserver
• CVE-2016-0774 - Denial of Service Vulnerability in Kernel
• CVE-2016-2459 & CVE-2016-2460 - Information Disclosure Vulnerability in Mediaserver
• CVE-2016-2458 - Information Disclosure Vulnerability in AOSP Mail
• CVE-2016-2457 - Elevation of Privilege in Wi-Fi
• CVE-2016-2456 - Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver
• CVE-2016-0705 - Elevation of Privilege Vulnerability in OpenSSL & BoringSSL
• CVE-2016-2461 & CVE-2016-2462 - Elevation of Privilege in Conscrypt
• CVE-2016-2454 - Remote Denial of Service Vulnerability in Qualcomm Hardware Codec
• CVE-2016-2453 - Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver
• CVE-2016-2448 & CVE-2016-xx52 - Elevation of Privilege Vulnerability in Mediaserver
• CVE-2016-4477 - Elevation of Privilege in Wi-Fi
• CVE-2016-2444 & CVE-2016-xx46 - Elevation of Privilege Vulnerability in NVIDIA Video Driver
• CVE-2015-0571 - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• CVE-2016-2443 - Elevation of Privilege Vulnerability in Qualcomm MDP Driver
• CVE-2016-2441 & CVE-2016-2442 - Elevation of Privilege Vulnerability in Qualcomm Buspm Driver
• CVE-2016-2440 - Elevation of Privilege in Binder
• CVE-2016-2439 - Remote Code Execution in Bluetooth
• CVE-2016-2060 - Information Disclosure Vulnerability in Qualcomm Tethering Controller
• CVE-2016-2438 - Remote Code Execution Vulnerability in Kernel
• CVE-2015-1805 - Elevation of Privilege Vulnerability in Kernel
• CVE-2016-2434 & CVE-2016-xx37 - Elevation of Privilege Vulnerability in NVIDIA Video Driver
• CVE-2015-0569 & CVE-2015-0570 - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• CVE-2016-2431 & CVE-2016-2432 - Elevation of Privilege Vulnerability in Qualcomm TrustZone
• CVE-2016-2430 - Elevation of Privilege Vulnerability in Debuggerd
• CVE-2016-2428 & CVE-2016-2429 - Remote Code Execution Vulnerability in Mediaserver
• CVE-2015-3825
• CVE-2016-2427 - Information Disclosure Vulnerability in BouncyCastle
• CVE-2016-2426 - Information Disclosure Vulnerability in Framework
• CVE-2016-2425 - Information Disclosure Vulnerability in AOSP Mail
• CVE-2016-2424 - Denial of Service Vulnerability in SyncStorageEngine
• CVE-2016-2423 - Elevation of Privilege Vulnerability in Telephony
• CVE-2016-2422 - Elevation of Privilege Vulnerability in Wi-Fi
• CVE-2016-2421 - Elevation of Privilege Vulnerability in Setup Wizard
• CVE-2016-2420 - Elevation of Privilege Vulnerability in Debuggerd Component
• CVE-2016-2416 up to xxx2419 - Information Disclosure Vulnerability in Mediaserver
• CVE-2016-2415 - Information Disclosure Vulnerability in Exchange ActiveSync
• CVE-2016-2414 - Denial of Service Vulnerability in Minikin
• CVE-2016-2413 - Elevation of Privilege Vulnerability in Mediaserver
• CVE-2016-2412 - Elevation of Privilege Vulnerability in System_server
• CVE-2016-2411 - Elevation of Privilege Vulnerability in Qualcomm Power Management Component
• CVE-2016-2410 - Elevation of Privilege Vulnerability in a Video Kernel Driver
• CVE-2016-2409 - Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver
• CVE-2016-0850 - Elevation of Privilege Vulnerability in Bluetooth
• CVE-2016-0849 - Elevation of Privilege Vulnerability in Recovery Procedure
• CVE-2016-0848 - Elevation of Privilege Vulnerability in Download Manager
• CVE-2016-0847 - Elevation of Privilege Vulnerability in Telecom Component
• CVE-2016-0846 - Elevation of Privilege Vulnerability in IMemory Native Interface
• CVE-2014-9322 - Elevation of Privilege Vulnerability in Kernel
• CVE-2016-0844 - Elevation of Privilege Vulnerability in Qualcomm RF Component
• CVE-2016-0843 - Elevation of Privilege Vulnerability in Qualcomm Performance Module
• CVE-2015-1805 - Elevation of Privilege Vulnerability in Kernel
• CVE-2016-0842 - Remote Code Execution Vulnerability in libstagefright
• CVE-2016-0835 up to xx0841 - Remote Code Execution Vulnerability in Mediaserver
• CVE-2016-0834 - Remote Code Execution Vulnerability in Media Codec
• CVE-2016-1503 & CVE-2014-6060 - Remote Code Execution Vulnerability in DHCPCD
• CVE-2016-0815 - Remote Code Execution Vulnerability in Mediaserver
• CVE-2016-0816 - Remote Code Execution Vulnerability in Mediaserver
• CVE-2016-1621 - Remote Code Execution Vulnerabilities in libvpx
• CVE-2016-0818 - Elevation of Privilege in Conscrypt
• CVE-2016-0819 - Elevation of Privilege Vulnerability in the Qualcomm Performance Component
• CVE-2016-0820 - Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver )
• CVE-2016-0728 - Elevation of Privilege Vulnerability in Keyring Component
• CVE-2016-0821 - Mitigation Bypass Vulnerability in the Kernel
• CVE-2016-0822 - Elevation of Privilege in MediaTek Connectivity Driver
• CVE-2016-0823 - Information Disclosure Vulnerability in Kernel
• CVE-2016-0824 - Information Disclosure Vulnerability in libstagefright
• CVE-2016-0825 - Information Disclosure Vulnerability in Widevine
• CVE-2016-0826 - Elevation of Privilege Vulnerability in Mediaserver
• CVE-2016-0827 - Elevation of Privilege Vulnerability in Mediaserver
• CVE-2016-0828 - Information Disclosure Vulnerability in Mediaserver
• CVE-2016-0829 - Information Disclosure Vulnerability in Mediaserver
• CVE-2016-0830 - Remote Denial of Service Vulnerability in Bluetooth
• CVE-2016-0831 - Information Disclosure Vulnerability in Telephony
• CVE-2016-0832 - Elevation of Privilege Vulnerability in Setup Wizard
• CVE-2015-6646 (Android 5.1.1 - 6.0.1 r13)
• CVE-2015-5310 - Elevation of Privilege Vulnerability in Wi-Fi
• CVE-2015-6643 (Android 5.1.1 - 6.0.1 r13)
• CVE-2016-0812 + CVE-2016-0813 - Elevation of Privilege Vulnerability in Setup Wizard (fixed since Android 6.0.1 r13)
• CVE-2016-0811 - Information Disclosure Vulnerability in libmediaplayerservice (fixed since Android 6.0.1 r13)
• CVE-2016-0809 - Elevation of Privilege Vulnerability in Wi-Fi (fixed since Android 6.0.1 r13)
• CVE-2016-0808 - Denial of Service Vulnerability in Minikin (fixed since Android 6.0.1 r13)
• CVE-2016-0803 + CVE-2016-0804 - Remote Code Execution Vulnerability in Mediaserver - (fixed since Android 6.0.1 r13)
• CVE-2015-6645 (Android 4.4.4 - 6.0.1 r13)
• CVE-2015-6644 (Android 4.4.4 - 6.0.1 r13) alias bug 24106146
• CVE-2015-6641 (Android 6.0)
• CVE-2015-6636 (Android 5.0 - 6.0.1)
• CVE-2016-0801 & CVE-2016-0802 - Remote Code Execution (RCE) patched with (fixed since Android 6.0.1 r13)
• CVE-2016-0807 Debuggerd execute arbitrary code within the device's root level (fixed since Android 6.0.1 r13)
• CVE-2016-0810 Elevation of privilege (fixed since Android 6.0.1 r13)
• CVE-2016-0805 Qualcomm Performance Module Elevation of Privilege vulnerabilitie (fixed since Android 6.0.1 r13)
• CVE-2016-0806 Qualcomm Wi-Fi Driver Elevation of Privilege vulnerabilitie (fixed since Android 6.0.1 r13)
• CVE-2015-6637 (Android 4.4.4 - 6.0.1 r13)
• CVE-2015-6638 (Android 5.1.0 - 6.0.1 r13)
• CVE-2015-6639 (Android 5.1.0 - 6.0.1 r13)
• CVE-2015-6640 (Android 5.1.0 - 6.0 r13)
• CVE-2015-6642 (Android 5.1.0 - 6.0.1 r13)
• CVE-2014-7920 & CVE-2014-7921 Android privilege escalation to mediaserver from zero permissions - source code (fixed in Android 5.1.1 and higher)

Rolling out to manufacturers and carriers

• CVE-2015-3197 & CVE-2015-1788 which affects every OS that use OpenSSL