CVE-2016-6744
https://notcve.org/view.php?id=CVE-2016-6744
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485. Una vulnerabilidad de elevación de privilegio en el controlador de pantalla táctil Synaptics en Android en versiones anteriores a 05-11-2016 podría habilitar a una aplicación maliciosa local a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. • http://www.securityfocus.com/bid/94131 https://source.android.com/security/bulletin/2016-11-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-6750
https://notcve.org/view.php?id=CVE-2016-6750
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30312054. References: Qualcomm QC-CR#1052825. Una vulnerabilidad de divulgación de información en componentes Qualcomm incluidos el controlador de la GPU, controlador de energía, controlador SMSM Point-to-Point y controlador de sonido en Android en versiones anteriores a 05-11-2016 podría habilitar a una aplicación maliciosa local a acceder a datos fuera de sus niveles de permiso. • http://www.securityfocus.com/bid/94139 https://source.android.com/security/bulletin/2016-11-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6729
https://notcve.org/view.php?id=CVE-2016-6729
An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684. Una vulnerabilidad de elevación de privilegio en el gestor de arranque Qualcomm en Android en versiones anteriores a 05-11-2016 podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. • http://www.securityfocus.com/bid/94203 https://source.android.com/security/bulletin/2016-11-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-6701
https://notcve.org/view.php?id=CVE-2016-6701
A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637. Una vulnerabilidad de ejecución remota de código en libskia en Android 7.0 en versiones anteriores a 01-11-2016 podría habilitar a un atacante que utiliza un archivo especialmente manipulado a provocar corrupción de memoria durante el procesamiento de archivos multimedia y datos. Este problema está clasificado como High debido a la posibilidad de ejecución remota de código dentro del contexto de proceso de galería. • http://www.securityfocus.com/bid/94162 https://source.android.com/security/bulletin/2016-11-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control •
CVE-2016-6736
https://notcve.org/view.php?id=CVE-2016-6736
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736. Una vulnerabilidad de elevación de privilegio en el controlador NVIDIA GPU en Android en versiones anteriores a 05-11-2016 podría habilitar a una aplicación maliciosa local a ejecutar código arbitrario dentro del contexto del kernel. • http://www.securityfocus.com/bid/94140 https://source.android.com/security/bulletin/2016-11-01.html • CWE-264: Permissions, Privileges, and Access Controls •