CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6774
https://notcve.org/view.php?id=CVE-2016-6774
12 Jan 2017 — An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489. • http://www.securityfocus.com/bid/94705 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6773
https://notcve.org/view.php?id=CVE-2016-6773
12 Jan 2017 — An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714. • http://www.securityfocus.com/bid/94707 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2016-6765
https://notcve.org/view.php?id=CVE-2016-6765
12 Jan 2017 — A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. • http://www.securityfocus.com/bid/94688 • CWE-19: Data Processing Errors •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6771
https://notcve.org/view.php?id=CVE-2016-6771
12 Jan 2017 — An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390. • http://www.securityfocus.com/bid/94706 • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6788
https://notcve.org/view.php?id=CVE-2016-6788
12 Jan 2017 — An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. • http://www.securityfocus.com/bid/94687 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2016-6764
https://notcve.org/view.php?id=CVE-2016-6764
12 Jan 2017 — A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434. • http://www.securityfocus.com/bid/94688 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2016-6767
https://notcve.org/view.php?id=CVE-2016-6767
12 Jan 2017 — A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604. • http://www.securityfocus.com/bid/94688 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6783
https://notcve.org/view.php?id=CVE-2016-6783
12 Jan 2017 — An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. • http://www.securityfocus.com/bid/94683 • CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2016-6763
https://notcve.org/view.php?id=CVE-2016-6763
12 Jan 2017 — A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456. • http://www.securityfocus.com/bid/94711 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6910
https://notcve.org/view.php?id=CVE-2016-6910
23 Dec 2016 — The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an... • http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •