Lucene search
K

189 matches found

UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.23 views

CVE-2016-0842

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation MMCO data, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 25818142...

10CVSS7.5AI score0.01667EPSS
Exploits0References3
Prion
Prion
added 2016/04/18 12:59 a.m.20 views

Design/Logic Flaw

A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677...

6.9CVSS7AI score0.00173EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.17 views

Design/Logic Flaw

The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307...

7.2CVSS7.1AI score0.00217EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.24 views

CVE-2016-0840

Multiple stack-based buffer underflows in decoder/ih264dparsecavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 26399350...

10CVSS7.7AI score0.01652EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.21 views

CVE-2016-0844

The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307...

8.4CVSS7.2AI score0.00217EPSS
Exploits0References3
Prion
Prion
added 2016/04/18 12:59 a.m.25 views

Memory corruption

postproc/volumelistener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 25753245...

10CVSS8.2AI score0.0206EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.17 views

CVE-2016-0835

decoder/impeg2ddechdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file that triggers a certain negative value, aka internal bug 26070014...

10CVSS7.6AI score0.02822EPSS
Exploits0References4
Prion
Prion
added 2016/04/18 12:59 a.m.23 views

Design/Logic Flaw

media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as...

10CVSS6.8AI score0.008EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.31 views

CVE-2016-2414

The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service memory corruption and reboot loop via a crafted font, aka internal bug 26413177...

6.2CVSS6.8AI score0.00405EPSS
Exploits1References4
Prion
Prion
added 2016/04/18 12:59 a.m.16 views

Code injection

A Texas Instruments TI haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545...

9.3CVSS7AI score0.00533EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.16 views

Design/Logic Flaw

The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...

4.3CVSS7.1AI score0.00417EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2016/04/18 12:59 a.m.16 views

Design/Logic Flaw

libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified...

10CVSS6.8AI score0.01058EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.24 views

CVE-2016-2409

A Texas Instruments TI haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545...

9.3CVSS7.2AI score0.00533EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.16 views

CVE-2016-0836

Stack-based buffer overflow in decoder/impeg2dvld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 25812590...

10CVSS7.4AI score0.02245EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/04/18 12:59 a.m.33 views

CVE-2016-2411

A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053...

9.3CVSS6.8AI score0.00498EPSS
Exploits0References2
Prion
Prion
added 2016/04/18 12:59 a.m.16 views

Design/Logic Flaw

server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection...

6.6CVSS6.9AI score0.0018EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.17 views

Design/Logic Flaw

exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, ak...

7.1CVSS6.3AI score0.00425EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.17 views

Stack overflow

Multiple stack-based buffer underflows in decoder/ih264dparsecavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 26399350...

10CVSS8.4AI score0.01652EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/04/18 12:59 a.m.29 views

Design/Logic Flaw

libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

7.2CVSS7.2AI score0.01306EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2016/04/18 12:0 a.m.63 views

CVE-2016-0834

CVE-2016-0834 affects Android 6.x mediaserver with an unspecified media codec vulnerability that allows remote code execution or memory corruption via a crafted media file (internal bug 26220548). The NVD entry notes a CVSSv3 base score of 8.4 (HIGH) with local attack vector, no privileges, and n...

10CVSS8.1AI score0.01512EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder