CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3843
https://notcve.org/view.php?id=CVE-2016-3843
05 Aug 2016 — Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. Android en versiones anteriores a 2016-08-05 no restringue adecuadamente ejecución de código en un contexto kernel, lo que permite a atacantes obtener privilegios a través de un... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3844
https://notcve.org/view.php?id=CVE-2016-3844
05 Aug 2016 — mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. mediaserver en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 9 y Pixel C permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 28299517. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3827
https://notcve.org/view.php?id=CVE-2016-3827
05 Aug 2016 — codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. codecs/hevcdec/SoftHEVC.cpp en libstagefright en mediaserver en Android 6.0.1 en versiones anteriores a 2016-08-01 no maneja adecuadamente errores del decodificador, lo que permite a atacantes remotos provocar una denegación de servicio (colgado de disp... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-172: Encoding Error •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3835
https://notcve.org/view.php?id=CVE-2016-3835
05 Aug 2016 — The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. La característica sesión segura en el componente mm-video-v4l2 venc en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9901
https://notcve.org/view.php?id=CVE-2014-9901
05 Aug 2016 — The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. El controlador Wi-Fi Qualcomm en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 7 (2013) hace llamadas snprintf incorrectas, lo que permite a atacantes remotos provocar una denegación de servicio (colgado d... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3853
https://notcve.org/view.php?id=CVE-2016-3853
05 Aug 2016 — Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. Servicios Google Play en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus permite a usuarios locales eludir el mecanismo de protección Factory Reset Protection y eliminar datos a través de vectores no especificados, también conocido como error interno 26803208. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3847
https://notcve.org/view.php?id=CVE-2016-3847
05 Aug 2016 — The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. El controlador de medios NVIDIA en Android en versiones anteriores a 2016-08-05 en dispositivos Nexus 9 permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 28871433. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3851
https://notcve.org/view.php?id=CVE-2016-3851
05 Aug 2016 — The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. El gestor de arranque Android LG Electronics en versiones anteriores a 2016-08-05 en dispositivos Nexus 5X permite a atacantes obtener privilegios aprovechando el acceso a un proceso privilegiado, también conocido como error interno 29189941. • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-3822
https://notcve.org/view.php?id=CVE-2016-3822
05 Aug 2016 — exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. " exif.c en Matthias Wandel jhead 2.87, como se usa en libjhead en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versione... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3830
https://notcve.org/view.php?id=CVE-2016-3830
05 Aug 2016 — codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. codecs/aacdec/SoftAAC2.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 pe... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •