CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3840
https://notcve.org/view.php?id=CVE-2016-3840
05 Aug 2016 — Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. Conscrypt en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-05 no identifica adecuadamente la reutilización de sesión, lo que permite a atacan... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3821
https://notcve.org/view.php?id=CVE-2016-3821
05 Aug 2016 — libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. libmedia en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones ant... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3839
https://notcve.org/view.php?id=CVE-2016-3839
05 Aug 2016 — Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. Bluetooth en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 permite a atacantes provocar una denegación de s... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3831
https://notcve.org/view.php?id=CVE-2016-3831
05 Aug 2016 — The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem." El componente telephony en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores ... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3834
https://notcve.org/view.php?id=CVE-2016-3834
05 Aug 2016 — The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. La cámara APIs en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 permite a atacantes eludir restricciones destinad... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3825
https://notcve.org/view.php?id=CVE-2016-3825
05 Aug 2016 — mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. mm-video-v4l2/vidc/venc/src/omx_video_base.cpp en mediaserver en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 asigna una cantidad de memoria incorrecta, ... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3836
https://notcve.org/view.php?id=CVE-2016-3836
05 Aug 2016 — The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402. El servicio SurfaceFlinger en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 permite a atacantes obtener información sensible a través de una aplicación ma... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3849
https://notcve.org/view.php?id=CVE-2016-3849
05 Aug 2016 — The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. El controlador ION en Android en versiones anteriores a 2016-08-05 en dispositivos Pixel C permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 28939740. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3846
https://notcve.org/view.php?id=CVE-2016-3846
05 Aug 2016 — The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. El controlador Serial Peripheral Interface en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5X y 6P permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 28817378. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3850
https://notcve.org/view.php?id=CVE-2016-3850
05 Aug 2016 — Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164. Desbordamiento de entero en app/aboot/aboot.c en el gestor de arranque de Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5, 5X, 6P y 7 (2013) permite a atacantes obtener privilegios a través de u... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •