Lucene search

K
GoogleAndroid5.1.0

268 matches found

CVE
CVE
added 2016/10/10 10:59 a.m.38 views

CVE-2016-3911

core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.

9.3CVSS8AI score0.00059EPSS
CVE
CVE
added 2017/01/12 3:59 p.m.38 views

CVE-2016-6766

A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1,...

7.1CVSS5.6AI score0.00145EPSS
CVE
CVE
added 2016/10/31 10:59 a.m.38 views

CVE-2016-7991

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

7.8CVSS7.2AI score0.00077EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.38 views

CVE-2017-0425

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6...

5.5CVSS4.9AI score0.00166EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.38 views

CVE-2017-0489

An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0...

5.5CVSS5.5AI score0.00107EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.38 views

CVE-2017-0560

An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7....

5.5CVSS5.3AI score0.00109EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.38 views

CVE-2017-0726

A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/08/24 12:29 a.m.38 views

CVE-2017-0805

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.

9.3CVSS7.3AI score0.00088EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.38 views

CVE-2017-0823

An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.

7.5CVSS6.8AI score0.00282EPSS
CVE
CVE
added 2016/03/12 9:59 p.m.37 views

CVE-2016-0826

libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated...

9.3CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.37 views

CVE-2016-2417

media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified pr...

10CVSS7.7AI score0.13164EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.37 views

CVE-2016-2449

services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining ...

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.37 views

CVE-2016-2452

codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or...

9.3CVSS7.7AI score0.00067EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.37 views

CVE-2016-3764

media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.

5CVSS4.6AI score0.00058EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.37 views

CVE-2016-3819

Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte...

9.8CVSS8.9AI score0.01486EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.37 views

CVE-2016-3826

services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug ...

7.8CVSS7.5AI score0.00023EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.37 views

CVE-2016-3832

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 287...

8.3CVSS7.3AI score0.00074EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.37 views

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 2...

5.5CVSS5.5AI score0.00154EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.37 views

CVE-2016-3839

Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210.

5.5CVSS5.6AI score0.0013EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.37 views

CVE-2016-3885

debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bu...

9.3CVSS7.5AI score0.00135EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.37 views

CVE-2016-3916

camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.

9.3CVSS8AI score0.00135EPSS
CVE
CVE
added 2017/01/12 3:59 p.m.37 views

CVE-2016-6765

A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android...

7.1CVSS5.5AI score0.00145EPSS
CVE
CVE
added 2017/01/12 3:59 p.m.37 views

CVE-2016-6770

An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2...

4.3CVSS4.4AI score0.00043EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.37 views

CVE-2017-0478

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the...

7.8CVSS7.5AI score0.06463EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.37 views

CVE-2017-0545

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.7AI score0.00084EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.37 views

CVE-2017-0588

A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the ...

9.3CVSS7.6AI score0.00272EPSS
CVE
CVE
added 2016/03/12 9:59 p.m.36 views

CVE-2016-0815

The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file...

10CVSS8.8AI score0.01903EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.36 views

CVE-2016-0838

Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, r...

10CVSS8.8AI score0.02229EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.36 views

CVE-2016-0846

libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signatur...

8.4CVSS7.8AI score0.00409EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.36 views

CVE-2016-2420

rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.

9.3CVSS7.4AI score0.00071EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.36 views

CVE-2016-2457

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.

5.5CVSS6.2AI score0.00029EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.36 views

CVE-2016-2460

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer....

5.5CVSS5.5AI score0.00096EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.36 views

CVE-2016-2508

media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory cor...

9.3CVSS7.9AI score0.00326EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.36 views

CVE-2016-3762

The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by SELinux, aka internal bug 28612709.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.36 views

CVE-2016-3766

MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file...

7.8CVSS7AI score0.00732EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.36 views

CVE-2016-3824

omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.

7.8CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.36 views

CVE-2016-3836

The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402.

5.5CVSS5.5AI score0.00154EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.36 views

CVE-2016-3871

Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022.

9.3CVSS7.6AI score0.00196EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.36 views

CVE-2016-3913

media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted applicat...

9.3CVSS8AI score0.00135EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.36 views

CVE-2016-3921

libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.

9.3CVSS7.6AI score0.00059EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.36 views

CVE-2017-0539

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.7AI score0.00286EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.36 views

CVE-2017-0546

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally acces...

9.3CVSS7.7AI score0.00084EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.36 views

CVE-2017-0600

A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1...

7.1CVSS5.4AI score0.00111EPSS
CVE
CVE
added 2016/03/12 9:59 p.m.35 views

CVE-2016-0827

Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and E...

9.3CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.35 views

CVE-2016-0843

The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.

8.4CVSS7.8AI score0.00015EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.35 views

CVE-2016-0847

The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502.

8.4CVSS7.5AI score0.00024EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.35 views

CVE-2016-0849

Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26...

8.4CVSS7.8AI score0.00015EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.35 views

CVE-2016-2416

libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified pr...

10CVSS7.9AI score0.00287EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.35 views

CVE-2016-2426

server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal b...

5.5CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.35 views

CVE-2016-3744

Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580.

7.5CVSS7.5AI score0.00154EPSS
Total number of security vulnerabilities268