202 matches found
CVE-2016-0827
Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and E...
CVE-2016-0843
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.
CVE-2016-2416
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified pr...
CVE-2016-2426
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal b...
CVE-2016-3744
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.
CVE-2016-3746
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem a...
CVE-2016-3831
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, ...
CVE-2016-3924
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive inform...
CVE-2017-0554
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible ...
CVE-2016-2424
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug ...
CVE-2016-2499
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172.
CVE-2016-3872
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675.
CVE-2016-3879
arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686.
CVE-2016-3899
OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted m...
CVE-2016-3912
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.
CVE-2016-7990
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
CVE-2016-2506
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c...
CVE-2016-3747
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem a...
CVE-2016-3754
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.
CVE-2016-3883
internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation ...
CVE-2016-3890
The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.
CVE-2016-6703
A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This iss...
CVE-2016-6764
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A...
CVE-2016-2412
include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or Si...
CVE-2016-2422
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSyst...
CVE-2016-2497
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.
CVE-2016-3834
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701.
CVE-2016-3840
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.
CVE-2016-3897
The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information via ...
CVE-2016-7989
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash...
CVE-2016-2507
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...
CVE-2016-3756
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28...
CVE-2016-3823
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.
CVE-2016-3830
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.
CVE-2016-3863
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a craft...
CVE-2016-3896
AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.
CVE-2016-3909
The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.
CVE-2016-6700
An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a ...
CVE-2016-6702
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of...
CVE-2016-0850
The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.
CVE-2016-2423
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mech...
CVE-2016-2450
codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig...
CVE-2016-2495
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.
CVE-2016-3750
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application...
CVE-2016-3761
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.
CVE-2016-3888
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Set...
CVE-2016-3745
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access...
CVE-2016-3818
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
CVE-2016-7988
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-...
CVE-2016-2440
libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896.