
CVE-2015-3845
https://notcve.org/view.php?id=CVE-2015-3845
01 Oct 2015 — The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka internal bug 17312693. • https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-3849
https://notcve.org/view.php?id=CVE-2015-3849
01 Oct 2015 — The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. • https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-3858
https://notcve.org/view.php?id=CVE-2015-3858
01 Oct 2015 — The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. • https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-3860
https://notcve.org/view.php?id=CVE-2015-3860
01 Oct 2015 — packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934. • http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass • CWE-284: Improper Access Control •

CVE-2015-3861
https://notcve.org/view.php?id=CVE-2015-3861
01 Oct 2015 — Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug 21296336. • https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0 • CWE-189: Numeric Errors •

CVE-2015-3863
https://notcve.org/view.php?id=CVE-2015-3863
01 Oct 2015 — Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. • https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b • CWE-189: Numeric Errors •

CVE-2015-1538 – Google Android - 'Stagefright' Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-1538
10 Sep 2015 — Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. • https://packetstorm.news/files/id/133521 • CWE-189: Numeric Errors •

CVE-2015-2714 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2015-2714
14 May 2015 — Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier. • http://www.mozilla.org/security/announce/2015/mfsa2015-52.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-1525 – Google Android Denial of Service
https://notcve.org/view.php?id=CVE-2015-1525
14 Mar 2015 — audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. Google Android suffers from an audio_policy appli... • https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21 • CWE-20: Improper Input Validation •

CVE-2014-7914 – (Mobile Pwn2Own) Google Android Bluetooth Forced Pairing Vulnerability
https://notcve.org/view.php?id=CVE-2014-7914
12 Mar 2015 — btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. • https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/0360aa7c418152a3e5e335a065ac3629cbb09559 • CWE-863: Incorrect Authorization •