CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3823
https://notcve.org/view.php?id=CVE-2016-3823
05 Aug 2016 — The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329. La característica sesión segura en el componente mm-video-v4l2 venc en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en ... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3824
https://notcve.org/view.php?id=CVE-2016-3824
05 Aug 2016 — omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827. omx/OMXNodeInstance.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 no v... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3825
https://notcve.org/view.php?id=CVE-2016-3825
05 Aug 2016 — mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964. mm-video-v4l2/vidc/venc/src/omx_video_base.cpp en mediaserver en Android 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 asigna una cantidad de memoria incorrecta, ... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3826
https://notcve.org/view.php?id=CVE-2016-3826
05 Aug 2016 — services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553. services/audioflinger/Effects.cpp en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3827
https://notcve.org/view.php?id=CVE-2016-3827
05 Aug 2016 — codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. codecs/hevcdec/SoftHEVC.cpp en libstagefright en mediaserver en Android 6.0.1 en versiones anteriores a 2016-08-01 no maneja adecuadamente errores del decodificador, lo que permite a atacantes remotos provocar una denegación de servicio (colgado de disp... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-172: Encoding Error •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3830
https://notcve.org/view.php?id=CVE-2016-3830
05 Aug 2016 — codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. codecs/aacdec/SoftAAC2.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 pe... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3831
https://notcve.org/view.php?id=CVE-2016-3831
05 Aug 2016 — The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem." El componente telephony en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores ... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3832
https://notcve.org/view.php?id=CVE-2016-3832
05 Aug 2016 — The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 28795098. El marco de referencia APIs en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 no asegura... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3834
https://notcve.org/view.php?id=CVE-2016-3834
05 Aug 2016 — The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted application, aka internal bug 28466701. La cámara APIs en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-08-01 permite a atacantes eludir restricciones destinad... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-3835
https://notcve.org/view.php?id=CVE-2016-3835
05 Aug 2016 — The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116. La característica sesión segura en el componente mm-video-v4l2 venc en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.... • http://source.android.com/security/bulletin/2016-08-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •