CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0812
https://notcve.org/view.php?id=CVE-2016-0812
07 Feb 2016 — The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538. La función interceptKeyBeforeDispatching en policy/src/com/android/internal/policy/impl/PhoneWindowMa... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0813
https://notcve.org/view.php?id=CVE-2016-0813
07 Feb 2016 — packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219. packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java en Setup Wizard en Android 5.1.x en versiones an... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0774 – kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
https://notcve.org/view.php?id=CVE-2016-0774
03 Feb 2016 — The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array ove... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 58%CPEs: 38EXPL: 14CVE-2016-0728 – Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-0728
19 Jan 2016 — The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. La función join_session_keyring en security/keys/process_keys.c en el kernel de Linux en versiones anteriores a 4.4.1 no maneja correctamente referencias a objetos en un cierto caso de error, lo que permite a usuarios l... • https://packetstorm.news/files/id/135330 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2015-6636
https://notcve.org/view.php?id=CVE-2015-6636
06 Jan 2016 — mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. mediaserver en Android 5.x en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo multimedia manipulado, tam... • http://source.android.com/security/bulletin/2016-01-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 1CVE-2015-6637
https://notcve.org/view.php?id=CVE-2015-6637
06 Jan 2016 — The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. El driver MediaTek misc-sd en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocida como error interno 25307013. • https://github.com/betalphafai/CVE-2015-6637 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-6638
https://notcve.org/view.php?id=CVE-2015-6638
06 Jan 2016 — The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. El driver Imagination Technologies en Android 5.x en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocida como error interno 24673908. • http://source.android.com/security/bulletin/2016-01-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2015-6640
https://notcve.org/view.php?id=CVE-2015-6640
06 Jan 2016 — The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. La función prctl_set_vma_anon_name en kernel/sys.c en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 no asegura que se accede a un solo vm... • https://github.com/betalphafai/CVE-2015-6640 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6641
https://notcve.org/view.php?id=CVE-2015-6641
06 Jan 2016 — Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. Bluetooth en Android 6.0 en versiones anteriores a 2016-01-01 permite a atacantes remotos obtener información sensible de Contacts aprovechándo el pareado, también conocida como error interno 23607427. • http://source.android.com/security/bulletin/2016-01-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6642
https://notcve.org/view.php?id=CVE-2015-6642
06 Jan 2016 — The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. El kernel en Android en versiones anteriores a 5.1.1 LMY49F y 6.0 en versiones anteriores a 2016-01-01 permite a atacantes obtener información sensible, y consecuentemente eludir un mecanismo de protección no especifi... • http://source.android.com/security/bulletin/2016-01-01.html • CWE-264: Permissions, Privileges, and Access Controls •