CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6609
https://notcve.org/view.php?id=CVE-2015-6609
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. libutils en Android en versiones anteriores a 5.1.1 LMY48X y 6.0 en versiones anteriores a 2015-11-01 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo de audio manipulado, también conocido como error interno 22953624. • http://www.securitytracker.com/id/1034049 https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6608
https://notcve.org/view.php?id=CVE-2015-6608
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. mediaserver en Android 5.x en versiones anteriores a 5.1.1 LMY48X y 6.0 en versiones anteriores a 2015-11-01 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo multimedia manipulado, también conocido como errores internos 19779574, 23680780, 23876444 y 23658148, una vulnerabilidad diferente a CVE-2015-8072 y CVE-2015-8073. • http://www.securitytracker.com/id/1034049 https://groups.google.com/forum/message/raw?msg=android-security-updates/n1aw2MGce4E/jhpVEWDUCAAJ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-7889 – Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
https://notcve.org/view.php?id=CVE-2015-7889
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. La aplicación SecEmailComposer/EmailComposer en Samsung S6 Edge, en versiones anteriores a la October 2015 MR, utiliza permisos débiles para la acción de servicio com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND. Esto puede permitir que atacantes remotos que conozcan la dirección de email local obtengan información sensible mediante una aplicación manipulada que envíe un intent manipulado. The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content. • https://www.exploit-db.com/exploits/38558 http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html http://www.securityfocus.com/bid/77339 https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1 • CWE-275: Permission Issues •
CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0CVE-2015-3876
https://notcve.org/view.php?id=CVE-2015-3876
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. libstagefright en Android hasta la versión 5.1.1 LMY48M permite a atacantes remotos ejecutar código arbitario a través de metadatos manipulados en un archivo (1) MP3 o (2) MP4. • http://twitter.com/4Dgifts/statuses/649589185792339968 http://www.securitytracker.com/id/1033725 https://code.google.com/p/android/issues/detail?id=182386 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6602
https://notcve.org/view.php?id=CVE-2015-6602
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. libutils en Android hasta la versión 5.1.1 LMY48M permite a atacantes remotos ejecutar código arbitrario a través de metadatos manipulados en un archivo (1) MP3 o (2) MP4, según lo demostrado por un ataque contra el uso de libutils por libstagefright en Android 5.x. • http://www.securitytracker.com/id/1033725 https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-notes https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863 • CWE-20: Improper Input Validation •