CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2425
https://notcve.org/view.php?id=CVE-2016-2425
18 Apr 2016 — mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. mail/compose/ComposeActivity.java en AOSP Mail en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-0... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2426
https://notcve.org/view.php?id=CVE-2016-2426
18 Apr 2016 — server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. server/content/ContentService.java en el componente Framework en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en vers... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2427
https://notcve.org/view.php?id=CVE-2016-2427
18 Apr 2016 — The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 22EXPL: 4CVE-2016-0846 – Google Android - IMemory Native Interface is Insecure for IPC Use
https://notcve.org/view.php?id=CVE-2016-0846
09 Apr 2016 — libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. libs/binder/IMemory.cpp en la IMemory Native Interface en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en vers... • https://packetstorm.news/files/id/136631 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 22EXPL: 2CVE-2016-2417 – Google Android - IOMX 'getConfig'/'getParameter' Information Disclosure
https://notcve.org/view.php?id=CVE-2016-2417
09 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. media/libmedia/IOMX.cpp en mediaserver en Android 4.x en versiones anteri... • https://packetstorm.news/files/id/136632 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0819
https://notcve.org/view.php?id=CVE-2016-0819
12 Mar 2016 — The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. El rendimiento del componente Qualcomm en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H y 6.x en versiones anteriores a 2016-03-01 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 25364034. • http://source.android.com/security/bulletin/2016-03-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2016-0815
https://notcve.org/view.php?id=CVE-2016-0815
12 Mar 2016 — The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. La función MPEG4Source::fragmentedRead en MPEG4Extractor.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2016-0816
https://notcve.org/view.php?id=CVE-2016-0816
12 Mar 2016 — mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. mediaserver en Android 6.x en versiones anteriores a 2016-03-01 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo multimedia manipulado, relacionado ... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0818
https://notcve.org/view.php?id=CVE-2016-0818
12 Mar 2016 — The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. La funcionalidad de almacenamiento en caché en la clase TrustManagerImpl en TrustManagerImpl.java en Conscryp... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-254: 7PK - Security Features CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0824
https://notcve.org/view.php?id=CVE-2016-0824
12 Mar 2016 — libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. libmpeg2 en libstagefright en Android 6.x en versiones anteriores a 2016-03-01 permite a atacantes obtener información sensible, y consecuentemente eludir un mecanismo de protección no especificado, a través de datos B... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •