Android@6.0 Security Vulnerabilities and Issues — Android@6.0 CVE List

Lucene search

GoogleAndroid6.0

25 matches found

CVE•added 2015/08/08 10:59 a.m.•257 views

CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain pr...

7.2CVSS6.1AI score0.08517EPSS

CVE•added 2015/12/06 1:59 a.m.•65 views

CVE-2015-6783

The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP ...

4.3CVSS8.5AI score0.00254EPSS

CVE•added 2015/12/08 11:59 p.m.•54 views

CVE-2015-6616

mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and...

9.3CVSS7.6AI score0.01816EPSS

CVE•added 2015/12/08 11:59 p.m.•52 views

CVE-2015-6626

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 243...

5CVSS6.8AI score0.0012EPSS

CVE•added 2015/12/08 11:59 p.m.•48 views

CVE-2015-6620

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.

9.3CVSS7AI score0.12567EPSS

CVE•added 2015/11/03 11:59 a.m.•47 views

CVE-2015-6611

mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 232...

5CVSS6.6AI score0.00117EPSS

CVE•added 2015/12/08 11:59 p.m.•47 views

CVE-2015-6617

Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.

9.3CVSS9.2AI score0.00934EPSS

CVE•added 2015/11/03 11:59 a.m.•46 views

CVE-2015-6608

mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015...

10CVSS7.6AI score0.03758EPSS

CVE•added 2015/12/08 11:59 p.m.•46 views

CVE-2015-6632

5CVSS6.8AI score0.0012EPSS

CVE•added 2015/12/08 11:59 p.m.•46 views

CVE-2015-6633

The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.

9.3CVSS7.9AI score0.00688EPSS

CVE•added 2015/12/08 11:59 p.m.•44 views

CVE-2015-6619

The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.

9.3CVSS6.6AI score0.00147EPSS

CVE•added 2015/12/08 11:59 p.m.•44 views

CVE-2015-6621

SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.

9.3CVSS6.8AI score0.00157EPSS

CVE•added 2015/12/08 11:59 p.m.•44 views

CVE-2015-8506

mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507...

9.3CVSS7.5AI score0.01816EPSS

CVE•added 2015/11/03 11:59 a.m.•43 views

CVE-2015-6612

libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.

9.3CVSS6.7AI score0.07723EPSS

CVE•added 2015/12/08 11:59 p.m.•43 views

CVE-2015-6623

Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703.

9.3CVSS6.8AI score0.00157EPSS

CVE•added 2015/12/08 11:59 p.m.•42 views

CVE-2015-6628

Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485.

5CVSS6.6AI score0.001EPSS

CVE•added 2015/12/08 11:59 p.m.•42 views

CVE-2015-6631

5CVSS6.8AI score0.00143EPSS

CVE•added 2015/11/03 11:59 a.m.•40 views

CVE-2015-6613

Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.

5.1CVSS6.9AI score0.00141EPSS

CVE•added 2015/12/08 11:59 p.m.•40 views

CVE-2015-6622

The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal...

5CVSS6.6AI score0.001EPSS

CVE•added 2015/12/08 11:59 p.m.•40 views

CVE-2015-8507

mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.

9.3CVSS7.5AI score0.01816EPSS

CVE•added 2015/11/03 11:59 a.m.•38 views

CVE-2015-6610

libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.

10CVSS6.7AI score0.00212EPSS

CVE•added 2015/12/08 11:59 p.m.•38 views

CVE-2015-6630

SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.

4.3CVSS6.6AI score0.001EPSS

CVE•added 2015/12/08 11:59 p.m.•37 views

CVE-2015-6627

The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743.

2.6CVSS6.2AI score0.00163EPSS

CVE•added 2015/12/08 11:59 p.m.•34 views

CVE-2015-6624

System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.

4.3CVSS6AI score0.001EPSS

CVE•added 2015/12/08 11:59 p.m.•32 views

CVE-2015-6625

System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.

4.3CVSS6.2AI score0.001EPSS