Lucene search
K

189 matches found

Cvelist
Cvelist
added 2016/05/09 10:0 a.m.22 views

CVE-2016-2462

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...

6.9AI score0.00391EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/05/09 10:0 a.m.34 views

CVE-2016-2428

libAACdec/src/aacdecdrc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via...

8.9AI score0.0206EPSS
Exploits0References2
CVE
CVE
added 2016/05/09 10:0 a.m.48 views

CVE-2016-2462

Summary (CVE-2016-2462) : In Android 6.x, the Conscrypt/OpenSSL binding (OpenSSLCipher.java) mishandled updates to the AAD array, enabling possible spoofing of message authentication via unspecified vectors (internal bug 27371173). This is a local/authenticated context issue due to the cipher sta...

7.6CVSS7AI score0.00391EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/05/09 10:0 a.m.51 views

CVE-2016-2461

CVE-2016-2461 affects OpenSSLCipher.java in Conscrypt on Android 6.x. The issue arises from mishandling resets of the AAD array, allowing a local attacker to spoof message authentication via unspecified vectors (internal bugs 27324690, 27696681). The vulnerability is tied to Conscrypt in the Andr...

7.6CVSS7.1AI score0.00455EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/05/09 10:0 a.m.42 views

CVE-2016-2458

The CVE-2016-2458 issue affects AOSP Mail: the compose functionality in Android 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-05-01) does not adequately restrict attachments, enabling information disclosure via a crafted app related to ComposeActivity.java and ComposeActivityEmail.java....

5.5CVSS5.5AI score0.00471EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2016/04/18 12:59 a.m.20 views

CVE-2016-2427

The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...

5.5CVSS5.4AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2016/04/18 12:59 a.m.4 views

CVE-2016-2421

Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410...

6.1CVSS7.3AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2016/04/18 12:59 a.m.18 views

CVE-2016-2416

libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified...

10CVSS9.1AI score0.01058EPSS
Exploits0References3
NVD
NVD
added 2016/04/18 12:59 a.m.22 views

CVE-2016-2411

A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053...

9.3CVSS6.3AI score0.00498EPSS
Exploits0References1
OSV
OSV
added 2016/04/18 12:59 a.m.4 views

CVE-2016-2410

A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677...

7.4CVSS7.3AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2016/04/18 12:59 a.m.3 views

CVE-2016-2409

A Texas Instruments TI haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545...

8.1CVSS7.3AI score0.00533EPSS
Exploits0References1
NVD
NVD
added 2016/04/18 12:59 a.m.18 views

CVE-2016-2409

A Texas Instruments TI haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545...

9.3CVSS7.8AI score0.00533EPSS
Exploits0References1
NVD
NVD
added 2016/04/18 12:59 a.m.21 views

CVE-2016-0840

Multiple stack-based buffer underflows in decoder/ih264dparsecavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 26399350...

10CVSS8.6AI score0.01652EPSS
Exploits0References2
NVD
NVD
added 2016/04/18 12:59 a.m.27 views

CVE-2016-0839

postproc/volumelistener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 25753245...

10CVSS9.5AI score0.0206EPSS
Exploits0References2
OSV
OSV
added 2016/04/18 12:59 a.m.5 views

CVE-2016-0838

Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file,...

9.8CVSS6.1AI score0.02822EPSS
Exploits0References3
NVD
NVD
added 2016/04/18 12:59 a.m.21 views

CVE-2016-0835

decoder/impeg2ddechdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file that triggers a certain negative value, aka internal bug 26070014...

10CVSS9.5AI score0.02822EPSS
Exploits0References3
Prion
Prion
added 2016/04/18 12:59 a.m.28 views

Design/Logic Flaw

libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

7.2CVSS7.2AI score0.0118EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.15 views

Design/Logic Flaw

server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection...

6.6CVSS6.9AI score0.0018EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.23 views

Code injection

server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GETACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal...

4.3CVSS6.4AI score0.00388EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.16 views

Design/Logic Flaw

The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307...

7.2CVSS7.1AI score0.00217EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder