CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2418
https://notcve.org/view.php?id=CVE-2016-2418
18 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358. media/libmedia/IOMX.cpp en mediaserver en Android 6.x en versiones anteriores a 2016-04-01 no inicializa determinados punteros a ... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2412
https://notcve.org/view.php?id=CVE-2016-2412
18 Apr 2016 — include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930. include/core/SkPostConfig.h en Skia, como se utiliza en System_server en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0835
https://notcve.org/view.php?id=CVE-2016-0835
18 Apr 2016 — decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. decoder/impeg2d_dec_hdr.c en mediaserver en Android 6.x en versiones anteriores a 2016-04-01 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo multimedia manip... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2427
https://notcve.org/view.php?id=CVE-2016-2427
18 Apr 2016 — The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. NOTE: The vendor disputes the existence of this potential issue in Android, stating "This CVE was raised in error: it referred to the authentication tag size in GCM, whose default according to ASN.1 encoding... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0844
https://notcve.org/view.php?id=CVE-2016-0844
18 Apr 2016 — The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. El controlador del Qualcomm RF en Android 6.x en versiones anteriores a 2016-04-01 no restringe correctamente el acceso a llamadas ioctl al socket, lo que permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocida como error interno 26324307. • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0837
https://notcve.org/view.php?id=CVE-2016-0837
18 Apr 2016 — MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. MPEG4Extractor.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en vers... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 23EXPL: 0CVE-2016-1503 – Gentoo Linux Security Advisory 201606-07
https://notcve.org/view.php?id=CVE-2016-1503
18 Apr 2016 — dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. dhcpcd en versiones anteriores a 6.10.0, como se utiliza en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anter... • http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2426
https://notcve.org/view.php?id=CVE-2016-2426
18 Apr 2016 — server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. server/content/ContentService.java en el componente Framework en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en vers... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 22EXPL: 4CVE-2016-0846 – Google Android - IMemory Native Interface is Insecure for IPC Use
https://notcve.org/view.php?id=CVE-2016-0846
09 Apr 2016 — libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. libs/binder/IMemory.cpp en la IMemory Native Interface en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en vers... • https://packetstorm.news/files/id/136631 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 22EXPL: 2CVE-2016-2417 – Google Android - IOMX 'getConfig'/'getParameter' Information Disclosure
https://notcve.org/view.php?id=CVE-2016-2417
09 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. media/libmedia/IOMX.cpp en mediaserver en Android 4.x en versiones anteri... • https://packetstorm.news/files/id/136632 • CWE-264: Permissions, Privileges, and Access Controls •