CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2425
https://notcve.org/view.php?id=CVE-2016-2425
18 Apr 2016 — mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. mail/compose/ComposeActivity.java en AOSP Mail en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-0... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0850
https://notcve.org/view.php?id=CVE-2016-0850
18 Apr 2016 — The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752. La funcionalidad PORCHE_PAIRING_CONFLICT en Bluetooth en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-01 permite a atacantes remotos eludi... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0843
https://notcve.org/view.php?id=CVE-2016-0843
18 Apr 2016 — The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. El administrador del rendimiento de eventos del procesador Qualcomm ARM en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-04-01 permite a atacantes obtener privil... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2412
https://notcve.org/view.php?id=CVE-2016-2412
18 Apr 2016 — include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26593930. include/core/SkPostConfig.h en Skia, como se utiliza en System_server en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2016-0837
https://notcve.org/view.php?id=CVE-2016-0837
18 Apr 2016 — MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. MPEG4Extractor.cpp en libstagefright en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en vers... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 23EXPL: 0CVE-2016-1503 – Gentoo Linux Security Advisory 201606-07
https://notcve.org/view.php?id=CVE-2016-1503
18 Apr 2016 — dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. dhcpcd en versiones anteriores a 6.10.0, como se utiliza en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anter... • http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2426
https://notcve.org/view.php?id=CVE-2016-2426
18 Apr 2016 — server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. server/content/ContentService.java en el componente Framework en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en vers... • http://source.android.com/security/bulletin/2016-04-02.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 22EXPL: 4CVE-2016-0846 – Google Android - IMemory Native Interface is Insecure for IPC Use
https://notcve.org/view.php?id=CVE-2016-0846
09 Apr 2016 — libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. libs/binder/IMemory.cpp en la IMemory Native Interface en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en vers... • https://packetstorm.news/files/id/136631 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 22EXPL: 2CVE-2016-2417 – Google Android - IOMX 'getConfig'/'getParameter' Information Disclosure
https://notcve.org/view.php?id=CVE-2016-2417
09 Apr 2016 — media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. media/libmedia/IOMX.cpp en mediaserver en Android 4.x en versiones anteri... • https://packetstorm.news/files/id/136632 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0829
https://notcve.org/view.php?id=CVE-2016-0829
12 Mar 2016 — The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. La función BnGraphicBufferP... • http://source.android.com/security/bulletin/2016-03-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •