CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2424
https://notcve.org/view.php?id=CVE-2016-2424
18 Apr 2016 — server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719. server/content/SyncStorageEngine.java en SyncStorageEngine en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones ... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0848
https://notcve.org/view.php?id=CVE-2016-0848
18 Apr 2016 — Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. Condición de carrera en Download Manager en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2410
https://notcve.org/view.php?id=CVE-2016-2410
18 Apr 2016 — A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. Un controlador de vídeo del kernel de Qualcomm en Android 6.x en versiones anteriores a 2016-04-01 permite a atacantes obtener privilegios a través de una aplicación manipulada que se aprovecha del control sobre un servicio que puede llamar a este controlador, también conocida como error inter... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0847
https://notcve.org/view.php?id=CVE-2016-0847
18 Apr 2016 — The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502. El Telecom Component en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-01 permite a atacantes suplantar el número de teléfono de origen de una l... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2415
https://notcve.org/view.php?id=CVE-2016-2415
18 Apr 2016 — exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request, aka internal bug 26488455. exchange/eas/EasAutoDiscover.java en la implementación de Autodiscover en Exchange ActiveSync en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0841
https://notcve.org/view.php?id=CVE-2016-0841
18 Apr 2016 — media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. media/libmedia/mediametadataretriever.cpp en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones ant... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0849
https://notcve.org/view.php?id=CVE-2016-0849
18 Apr 2016 — Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931. Múltiples desbordamientos de entero en minzip/SysUtil.c en el Recovery Procedure en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2411
https://notcve.org/view.php?id=CVE-2016-2411
18 Apr 2016 — A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. Un controlador del kernel de Qualcomm Power Management en Android 6.x en versiones anteriores a 2016-04-01 permite a atacantes obtener privilegios a través de una aplicación manipulada que se aprovecha del acceso root, también conocida como error interno 26866053. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2413
https://notcve.org/view.php?id=CVE-2016-2413
18 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627. media/libmedia/IOMX.cpp en mediaserver en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-01 no inicializa un puntero... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2422
https://notcve.org/view.php?id=CVE-2016-2422
18 Apr 2016 — Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324357. Wi-Fi en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-01 n... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •