CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0807
https://notcve.org/view.php?id=CVE-2016-0807
07 Feb 2016 — The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. La función get_build_id en elf_utils.cpp en Debuggerd en Android 6.x en versiones anteriores a 2016-02-01 permite a atacantes obtener privilegios a través de una aplicación manipulada que maneja indebidamente un elemento Desc Size en un ELF Note, también conocido como error interno... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0812
https://notcve.org/view.php?id=CVE-2016-0812
07 Feb 2016 — The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538. La función interceptKeyBeforeDispatching en policy/src/com/android/internal/policy/impl/PhoneWindowMa... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0811
https://notcve.org/view.php?id=CVE-2016-0811
07 Feb 2016 — Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375. Desbordamiento de entero en la función BnCrypto::onTransact en media/libmedia/ICrypto.cpp en libmediaplayerservice en An... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0806
https://notcve.org/view.php?id=CVE-2016-0806
07 Feb 2016 — The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453. El controlador Qualcomm Wi-Fi en el kernel en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores a 2016-02-01 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 25344453. • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-0804
https://notcve.org/view.php?id=CVE-2016-0804
07 Feb 2016 — The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434. La función NuPlayer::GenericSource::notifyPreparedAndCleanup en media/libmediaplayerservice/nuplayer/GenericSou... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0809
https://notcve.org/view.php?id=CVE-2016-0809
07 Feb 2016 — Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768. Vulnerabilidad de uso después de liberación de memoria en la función wifi_cleanup en bcmdhd/wifi_hal/wifi_hal.cpp en Wi-Fi en Android 6.x en versiones anteriores a 2016-02-01 permite a atacantes obtener privilegios apro... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0805
https://notcve.org/view.php?id=CVE-2016-0805
07 Feb 2016 — The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. El administrador de rendimiento de eventos para procesadores Qualcomm ARM en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores a 2016-02-01 permite a atacantes obtener privilegios a través de una aplicación manipulad... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0CVE-2016-0803
https://notcve.org/view.php?id=CVE-2016-0803
07 Feb 2016 — libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794. libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2016-0808
https://notcve.org/view.php?id=CVE-2016-0808
07 Feb 2016 — Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298. Desbordamiento de entero en la función getCoverageFormat12 en CmapCoverage.cpp en la librería Minikin en Android 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores a 2016-02... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-19: Data Processing Errors •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0813
https://notcve.org/view.php?id=CVE-2016-0813
07 Feb 2016 — packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219. packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java en Setup Wizard en Android 5.1.x en versiones an... • http://source.android.com/security/bulletin/2016-02-01.html • CWE-264: Permissions, Privileges, and Access Controls •