CVE-2016-6707 – Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
https://notcve.org/view.php?id=CVE-2016-6707
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
• https://www.exploit-db.com/exploits/40874
• http://www.securityfocus.com/bid/94164
• https://bugs.chromium.org/p/project-zero/issues/detail?id=928
• https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
• https://source.android.com/security/bulletin/2016-11-01.html
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-4230 – Adobe Flash - MovieClip Transform Getter Use-After-Free
https://notcve.org/view.php?id=CVE-2016-4230
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4231, and CVE-2016-4248. There is a use-after-free in the Adobe Flash MovieClip Transform getter. If the Transform constructor is replaced with a getter using addProperty, this getter can free the MovieClip before it is accessed.
• https://www.exploit-db.com/exploits/40311
• http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html
• http://packetstormsecurity.com/files/138532/Adobe-Flash-MovieClip-Transform-Use-After-Free.html
• http://www.securityfocus.com/bid/91719
• http://www.securitytracker.com/id/1036280
• https://access.redhat.com/errata/RHSA-2016:1423
• https://bugs.chromium.org/p/project-zero/issues/detail?
• CWE-416: Use After Free
CVE-2015-7893 – Samsung SecEmailUI - Script Injection
https://notcve.org/view.php?id=CVE-2015-7893
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript. The default Samsung email client's email viewer and composer (implemented in SecEmailUI.apk) doesn't sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary JavaScript when a user views an HTML email which contains HTML script tags or other events.
• https://www.exploit-db.com/exploits/38554
• http://packetstormsecurity.com/files/135643/Samsung-SecEmailUI-Script-Injection.html
• http://www.securityfocus.com/bid/77431
• https://bugs.chromium.org/p/project-zero/issues/detail?id=494&q=samsung&redir=1
• https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
• CWE-20: Improper Input Validation
CVE-2015-7895 – Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
https://notcve.org/view.php?id=CVE-2015-7895
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Samsung Galaxy S6 suffers from a bitmap decoding crash in Samsung Gallery.
• https://www.exploit-db.com/exploits/38613
• http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html
• http://www.securityfocus.com/bid/77429
• https://bugs.chromium.org/p/project-zero/issues/detail?id=497&redir=1
• https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
• CWE-284: Improper Access Control
CVE-2015-7889 – Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
https://notcve.org/view.php?id=CVE-2015-7889
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content.
• https://www.exploit-db.com/exploits/38558
• http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html
• http://www.securityfocus.com/bid/77339
• https://bugs.chromium.org/p/project-zero/issues/detail?
• CWE-275: Permission Issues