CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2016-3899
https://notcve.org/view.php?id=CVE-2016-3899
11 Sep 2016 — OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. OMXCodec.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1, 6.x... • http://source.android.com/security/bulletin/2016-09-01.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3868
https://notcve.org/view.php?id=CVE-2016-3868
11 Sep 2016 — The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875. El controlador de energía Qualcomm en Android en versiones anteriores a 2016-09-05 en dispositivos Nexus 5X y 6P permite a atacantes obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como error interno de Android 28967028 y error interno de Qualcomm CR103... • http://source.android.com/security/bulletin/2016-09-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3865
https://notcve.org/view.php?id=CVE-2016-3865
11 Sep 2016 — The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389. El controlador de pantalla táctil Synaptics en Android en versiones anteriores a 2016-09-05 en dispositivos Nexus 5X y 9 permite a atacantes obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como error interno 28799389. • http://source.android.com/security/bulletin/2016-09-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 23EXPL: 0CVE-2016-3870
https://notcve.org/view.php?id=CVE-2016-3870
11 Sep 2016 — omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804. omx/SimpleSoftOMXComponent.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1, 6.x en ... • http://source.android.com/security/bulletin/2016-09-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 23EXPL: 4CVE-2016-3861 – Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-3861
08 Sep 2016 — LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. LibUtils en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1... • https://packetstorm.news/files/id/138624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5344
https://notcve.org/view.php?id=CVE-2016-5344
30 Aug 2016 — Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. Múltiples desbordamientos de entero en el controlador MDSS para el kernel 3.x de Linux, tal como se utiliza en contribuciones Qualcomm Innovation Center (QuIC) And... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5342
https://notcve.org/view.php?id=CVE-2016-5342
30 Aug 2016 — Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. Desbordamiento de búfer basado en memoria dinámica en la función wcnss_wlan_write en drivers/ne... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5340
https://notcve.org/view.php?id=CVE-2016-5340
07 Aug 2016 — The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. La función is_ashmem_file en drivers/staging/android/ashmem.c en un cierto parche Qualcomm Innovation Center (QuIC) Android para el kernel de Linux 3.x no maneja adecuadamente validac... • http://source.android.com/security/bulletin/2016-10-01.html • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 5CVE-2016-5696 – kernel: challenge ACK counter information disclosure.
https://notcve.org/view.php?id=CVE-2016-5696
06 Aug 2016 — net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as i... • https://github.com/Gnoxter/mountain_goat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9872
https://notcve.org/view.php?id=CVE-2014-9872
06 Aug 2016 — The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. El controlador diag en los componentes de Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 5 no asegura identificadores únicos en una tabla de cliente DCI, lo que permite a atacantes obtener pri... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •