CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3835
https://notcve.org/view.php?id=CVE-2016-3835
05 Aug 2016 — The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. La característica sesión segura en el componente mm-video-v4l2 venc en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9901
https://notcve.org/view.php?id=CVE-2014-9901
05 Aug 2016 — The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. El controlador Wi-Fi Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 7 (2013) hace llamadas snprintf incorrectas, lo que permite a atacantes remotos provocar una denegación de servicio (colgado d... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3853
https://notcve.org/view.php?id=CVE-2016-3853
05 Aug 2016 — Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. Servicios Google Play en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus permite a usuarios locales eludir el mecanismo de protección Factory Reset Protection y eliminar datos a través de vectores no especificados, también conocido como error interno 26803208. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3847
https://notcve.org/view.php?id=CVE-2016-3847
05 Aug 2016 — The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. El controlador de medios NVIDIA en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 9 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 28871433. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3851
https://notcve.org/view.php?id=CVE-2016-3851
05 Aug 2016 — The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. El gestor de arranque Android LG Electronics en versiones anteriores a 2016-08-05 en dispositivos Nexus 5X permite a atacantes obtener privilegios aprovechando el acceso a un proceso privilegiado, también conocido como error interno 29189941. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-3822
https://notcve.org/view.php?id=CVE-2016-3822
05 Aug 2016 — exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. " exif.c en Matthias Wandel jhead 2.87, como se usa en libjhead en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versione... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3830
https://notcve.org/view.php?id=CVE-2016-3830
05 Aug 2016 — codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. codecs/aacdec/SoftAAC2.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 pe... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2497
https://notcve.org/view.php?id=CVE-2016-2497
05 Aug 2016 — services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489. services/core/java/com/android/server/pm/PackageManagerService.java en el marco de referencia APIs en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3820
https://notcve.org/view.php?id=CVE-2016-3820
05 Aug 2016 — The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. El decodificador ih264d en mediaserver en Android 6.x en versiones anteriores a 2016-08-01 no maneja adecuadamente números de sector, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a t... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2504
https://notcve.org/view.php?id=CVE-2016-2504
05 Aug 2016 — The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. El controlador GPU Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5, 5X, 6, 6P y 7 (2013) permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno de Android 28026365 y error interno de Qualc... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •