CVSS: 9.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

18 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.2 | EPSS: 0% | CPEs: 6 | EXPL: 0

18 Apr 2016 — The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-20: Improper Input Validation

CVSS: 7.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

18 Apr 2016 — exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 0% | CPEs: 22 | EXPL: 0

18 Apr 2016 — libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

18 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

18 Apr 2016 — media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

18 Apr 2016 — Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 | EPSS: 0% | CPEs: 22 | EXPL: 0

18 Apr 2016 — Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.6 | EPSS: 0% | CPEs: 22 | EXPL: 0

18 Apr 2016 — server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.1 | EPSS: 0% | CPEs: 22 | EXPL: 0

18 Apr 2016 — server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-20: Improper Input Validation