CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0CVE-2016-1155
https://notcve.org/view.php?id=CVE-2016-1155
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. Vulnerabilidad de inyección de encabezado HTTP en la clase URLConnection en Android OS 2.2 a 6.0 permite a atacantes remotos ejecutar scripts arbitrarios o establecer valores arbitrarios en cookies. • http://www.securityfocus.com/bid/97662 https://android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86eb https://jvn.jp/vu/JVNVU99757346/index.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 41EXPL: 0CVE-2014-7920
https://notcve.org/view.php?id=CVE-2014-7920
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. Mediaserver en Android 2.2 a 5.x en versiones anteriores a 5.1 permite a los atacantes obtener privilegios. NOTA: Esta es una vulnerabilidad diferente a CVE-2014-7921. • https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E%21 https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-7921
https://notcve.org/view.php?id=CVE-2014-7921
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. Mediaserver en Android 4.0.3 a 5.x en versiones anteriores a 5.1 permite a los atacantes obtener privilegios. NOTA: Esta es una vulnerabilidad diferente a CVE-2014-7920. • https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E%21 https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5856
https://notcve.org/view.php?id=CVE-2016-5856
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. Drivers/soc/qcom/spcom.c en el driver Qualcom SPCom en el kernel de Android 2017-03-05 permite a usuarios locales obtener privilegios, una vulnerabilidad diferente a CVE-2016-5857. • http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0551
https://notcve.org/view.php?id=CVE-2017-0551
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231. • http://www.securityfocus.com/bid/97336 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8 https://android.googlesource.com/platform/external/libavc/+/8b5fd8f24eba5dd19ab2f80ea11a9125aa882ae2 https://source.android.com/security/bulletin/2017-04-01 •