CVE-2016-1155
https://notcve.org/view.php?id=CVE-2016-1155
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. Vulnerabilidad de inyección de encabezado HTTP en la clase URLConnection en Android OS 2.2 a 6.0 permite a atacantes remotos ejecutar scripts arbitrarios o establecer valores arbitrarios en cookies. • http://www.securityfocus.com/bid/97662 https://android.googlesource.com/platform/external/okhttp/+/71b9f47b26fb57ac3e436a19519c6e3ec70e86eb https://jvn.jp/vu/JVNVU99757346/index.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2014-7920
https://notcve.org/view.php?id=CVE-2014-7920
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. Mediaserver en Android 2.2 a 5.x en versiones anteriores a 5.1 permite a los atacantes obtener privilegios. NOTA: Esta es una vulnerabilidad diferente a CVE-2014-7921. • https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E%21 https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-5856
https://notcve.org/view.php?id=CVE-2016-5856
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. Drivers/soc/qcom/spcom.c en el driver Qualcom SPCom en el kernel de Android 2017-03-05 permite a usuarios locales obtener privilegios, una vulnerabilidad diferente a CVE-2016-5857. • http://www.securitytracker.com/id/1037968 https://source.android.com/security/bulletin/2017-03-01 https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2017-0578
https://notcve.org/view.php?id=CVE-2017-0578
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406. • http://www.securityfocus.com/bid/97358 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 •
CVE-2017-0562
https://notcve.org/view.php?id=CVE-2017-0562
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. • http://www.securityfocus.com/bid/97345 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 •