Lucene search
K

189 matches found

NVD
NVD
added 2016/09/11 9:59 p.m.25 views

CVE-2016-3884

server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441...

5.5CVSS5.2AI score0.00439EPSS
Exploits0References4
NVD
NVD
added 2016/09/11 9:59 p.m.19 views

CVE-2016-3878

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 29493002...

7.1CVSS5.3AI score0.00701EPSS
Exploits0References4
NVD
NVD
added 2016/09/11 9:59 p.m.26 views

CVE-2016-3871

Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022...

9.3CVSS7.7AI score0.00886EPSS
Exploits0References5
NVD
NVD
added 2016/09/11 9:59 p.m.26 views

CVE-2016-3861

LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of...

9.3CVSS7.9AI score0.11172EPSS
Exploits1References8
Prion
Prion
added 2016/09/11 9:59 p.m.15 views

Design/Logic Flaw

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

7.2CVSS7AI score0.00203EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2016/09/11 9:59 p.m.28 views

CVE-2016-3879

arm-wt-22k/libsrc/easmdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service NULL pointer dereference, and device hang or reboot via a crafted media file, aka internal bug 29770686...

7.1CVSS6.5AI score0.00707EPSS
Exploits0References3
Prion
Prion
added 2016/09/11 9:59 p.m.16 views

Stack overflow

Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a...

6.8CVSS8.2AI score0.01143EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2016/09/11 9:59 p.m.23 views

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

7.6CVSS7.1AI score0.00745EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/09/11 9:59 p.m.23 views

CVE-2016-3862

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjheadjni, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.3CVSS7.6AI score0.01559EPSS
Exploits0References3
Prion
Prion
added 2016/09/11 9:59 p.m.15 views

Integer overflow

Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260...

4.3CVSS6.7AI score0.00454EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2016/09/11 9:59 p.m.18 views

Design/Logic Flaw

The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information vi...

4.3CVSS6.5AI score0.00605EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.26 views

CVE-2016-3899

OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service device hang or reboot via a crafted...

5.5AI score0.00701EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.22 views

CVE-2016-3895

Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260...

5.5AI score0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.30 views

CVE-2016-3871

Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022...

7.7AI score0.00886EPSS
Exploits0References5
Cvelist
Cvelist
added 2016/09/11 9:0 p.m.30 views

CVE-2016-3884

server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441...

5.5AI score0.00439EPSS
Exploits0References4
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3875

Technical details beyond the Initial Description are not provided in the connected documents. No vendor/product/version/remediation specifics are present. Monitor for updates.

7.2CVSS6.6AI score0.00197EPSS
Exploits0References4Affected Software1
android
android
added 2016/09/01 12:0 a.m.35 views

CVE-2016-3861

LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of...

9.3CVSS8.2AI score0.11172EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2016/08/05 8:59 p.m.24 views

CVE-2016-3822

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds access via crafted EXIF data, aka internal bug...

7.8CVSS7.8AI score0.01267EPSS
Exploits0References4
Prion
Prion
added 2016/08/05 8:59 p.m.16 views

Design/Logic Flaw

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 29023649...

7.1CVSS7AI score0.00683EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2016/08/05 8:59 p.m.20 views

Design/Logic Flaw

mm-video-v4l2/vidc/venc/src/omxvideobase.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964...

4.6CVSS7.1AI score0.002EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder