
CVE-2016-6754 – Google Android - 'BadKernel' Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-6754
25 Nov 2016 — A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937. • https://www.exploit-db.com/exploits/40846 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2016-3904
https://notcve.org/view.php?id=CVE-2016-3904
25 Nov 2016 — An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455. • http://www.securityfocus.com/bid/94210 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2016-3906
https://notcve.org/view.php?id=CVE-2016-3906
25 Nov 2016 — An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30445973. References: Qualcomm QC-CR#1054344. • http://www.securityfocus.com/bid/94139 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-3907
https://notcve.org/view.php?id=CVE-2016-3907
25 Nov 2016 — An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352. • http://www.securityfocus.com/bid/94139 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-6723 – Android Proxy Auto Config (PAC) Crash
https://notcve.org/view.php?id=CVE-2016-6723
08 Nov 2016 — A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884. • https://packetstorm.news/files/id/139613 • CWE-284: Improper Access Control •

CVE-2016-7988
https://notcve.org/view.php?id=CVE-2016-7988
31 Oct 2016 — On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. • http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 • CWE-275: Permission Issues CWE-388: 7PK - Errors •

CVE-2016-7989
https://notcve.org/view.php?id=CVE-2016-7989
31 Oct 2016 — On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. • http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 • CWE-254: 7PK - Security Features •

CVE-2016-7990
https://notcve.org/view.php?id=CVE-2016-7990
31 Oct 2016 — On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. • http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 • CWE-190: Integer Overflow or Wraparound CWE-388: 7PK - Errors •

CVE-2016-7991
https://notcve.org/view.php?id=CVE-2016-7991
31 Oct 2016 — On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. • http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 • CWE-388: 7PK - Errors •

CVE-2016-3932
https://notcve.org/view.php?id=CVE-2016-3932
10 Oct 2016 — mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870. • http://source.android.com/security/bulletin/2016-10-01.html • CWE-264: Permissions, Privileges, and Access Controls •