CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8396
https://notcve.org/view.php?id=CVE-2016-8396
An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105. • http://www.securityfocus.com/bid/94712 https://source.android.com/security/bulletin/2016-12-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6788
https://notcve.org/view.php?id=CVE-2016-6788
An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. • http://www.securityfocus.com/bid/94687 https://source.android.com/security/bulletin/2016-12-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6910
https://notcve.org/view.php?id=CVE-2016-6910
The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app gives a non-existent app the ability to read the notifications from the device, which a third-party app can utilize if it uses a package name of com.samsung.android.app.portalservicewidget. This vulnerability allows an unprivileged third-party app to obtain the text of the user's notifications, which tend to contain personal data. La vulnerabilidad de oyente de notificación inexistente se introdujo en las primeras versiones de Android 5.0.2 para los dispositivos Samsung Galaxy S6 Edge, pero la vulnerabilidad puede persistir en el dispositivo incluso después de que el dispositivo se haya actualizado a una versión de Android 5.1.1 o 6.0.1. La aplicación del sistema vulnerable da a una aplicación inexistente la capacidad de leer las notificaciones del dispositivo, que una aplicación de terceros puede utilizar si usa un nombre de paquete de com.samsung.android.app.portalservicewidget. • http://www.kryptowire.com/disclosures/CVE-2016-6910/Factory_Resets_and_Obtaining_Notifications_on_Samsung_Android_Devices.pdf http://www.securityfocus.com/bid/95092 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1CVE-2016-6772 – Google Android - WifiNative::setHotlist Stack Overflow
https://notcve.org/view.php?id=CVE-2016-6772
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. • https://www.exploit-db.com/exploits/40945 http://www.securityfocus.com/bid/94701 https://bugs.chromium.org/p/project-zero/issues/detail?id=958 https://source.android.com/security/bulletin/2016-12-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6720
https://notcve.org/view.php?id=CVE-2016-6720
An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Android ID: A-29422020. Una vulnerabilidad de divulgación de información en libstagefright en Mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1, 6.x en versiones anteriores a 2016-11-01 y 7.0 en versiones anteriores a 2016-11-01 podría habilitar una aplicación maliciosa local para acceder a datos fuera de sus niveles de permiso. Este problema está clasificado como moderado porque podría ser utilizado para acceder a datos sensibles sin permiso. • http://www.securityfocus.com/bid/94143 https://android.googlesource.com/platform/frameworks/av/+/0f177948ae2640bfe4d70f8e4248e106406b3b0a https://android.googlesource.com/platform/frameworks/av/+/2c75e1c3b98e4e94f50c63e2b7694be5f948477c https://android.googlesource.com/platform/frameworks/av/+/640b04121d7cd2cac90e2f7c82b97fce05f074a5 https://android.googlesource.com/platform/frameworks/av/+/7c88b498fda1c2b608a9dd73960a2fd4d7b7e3f7 https://source.android.com/security/bulletin/2016-11-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •