CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1525
https://notcve.org/view.php?id=CVE-2015-1525
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. El archivo audio/AudioPolicyManagerBase.cpp en Android versiones anteriores a 5.1, permite a atacantes causar una denegación de servicio (interrupción de la aplicación audio_policy) por medio de una aplicación diseñada que provee una dirección de dispositivo NULL. • https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1530 – Android Media Integer Overflow
https://notcve.org/view.php?id=CVE-2015-1530
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. El archivo media/libmedia/IAudioPolicyService.cpp en Android versiones anteriores a 5.1, permite a atacantes ejecutar código arbitrario con privilegios de media_server o causar una denegación de servicio (desbordamiento de enteros) por medio de una aplicación diseñada que proporciona un tamaño de matriz no válido. • https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E%21 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7914 – (Mobile Pwn2Own) Google Android Bluetooth Forced Pairing Vulnerability
https://notcve.org/view.php?id=CVE-2014-7914
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. En el archivo btif/src/btif_dm.c en Android versiones anteriores a 5.1, no aplica apropiadamente la naturaleza temporal de emparejar Bluetooth, lo que permite a atacantes remotos asistidos por el usuario omitir las restricciones de acceso previstas mediante paquetes Bluetooth diseñados luego del aprovechamiento de una etiqueta NFC diseñada This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Android. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth application stack allowing for arbitrary Host Controller Interface commands to be issued without prior pairing. By obtaining a Bluetooth address, creating and emulating a Bluetooth out-of-band 'handover' NFC NDEF tag, and sniffing encryption keys and exchanging them with the device, an attacker can force pairing with a Bluetooth device. A remote attacker can use this to achieve remote code execution under the context of the process. • https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1474 – Google Android Integer Oveflow / Heap Corruption
https://notcve.org/view.php?id=CVE-2015-1474
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. Múltiples desbordamientos de enteros en la función GraphicBuffer::unflatten en platform/frameworks/native/libs/ui/GraphicBuffer.cpp en Android hasta 5.0 permiten a atacantes ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores que provocan un número grande de (1) descriptores de ficheros o (2) valores de enteros. Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of file descriptors or integer values. All versions below Lollipop 5.1 are affected. • http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html http://seclists.org/fulldisclosure/2015/Mar/63 http://www.securityfocus.com/bid/72788 http://www.securitytracker.com/id/1031875 https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091 https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 4CVE-2014-0997 – Android WiFi-Direct - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0997
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. WiFiMonitor en Android 4.4.4 tal y como se emplea en Nexus 5 y 4, Android 4.2.2 tal y como se emplea en LG D806, Android 4.2.2 tal y como se emplea en Samsung SM-T310, Android 4.1.2 tal y como se emplea en Motorola RAZR HD y potencialmente en otras distribuciones Android anteriores a la 5.0.1 y 5.0.2 no gestiona correctamente las excepciones. Esto permite que los atacantes remotos provoquen una denegación de servicio (reinicio) mediante un marco de respuesta de sonda 802.11. • https://www.exploit-db.com/exploits/35913 http://packetstormsecurity.com/files/130107/Android-WiFi-Direct-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Jan/104 http://www.securityfocus.com/archive/1/534544/100/0/threaded http://www.securityfocus.com/bid/72311 https://www.coresecurity.com/advisories/android-wifi-direct-denial-service • CWE-19: Data Processing Errors •