|
6611
|
7.5
7.8
|
HIGH
Network
|
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an …
|
CWE-399
Resource Management Errors
|
CVE-2016-5300
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1.1:* cpe:2.3:o:goo…
|
|
|
|
|
2024-11-21 11:54
2016-06-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6612
|
5.9
4.3
|
MEDIUM
Network
|
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors in…
|
CWE-310
Cryptographic Issues
|
CVE-2012-6702
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1.1:* cpe:2.3:o:goo…
|
|
|
|
|
2024-11-21 10:46
2016-06-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6613
|
5.5
4.3
|
MEDIUM
Local
|
Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a …
|
CWE-200
Information Exposure
|
CVE-2016-2500
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6614
|
5.5
4.3
|
MEDIUM
Local
|
AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attacker…
|
CWE-200
Information Exposure
|
CVE-2016-2499
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6615
|
5.5
4.3
|
MEDIUM
Local
|
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162.
|
CWE-200
Information Exposure
|
CVE-2016-2498
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:*
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6616
|
9.8
10.0
|
CRITICAL
Network
|
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially ov…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2016-2496
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:*
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6617
|
5.5
7.1
|
MEDIUM
Local
|
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (d…
|
CWE-20
Improper Input Validation
|
CVE-2016-2495
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6618
|
7.8
9.3
|
HIGH
Local
|
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as de…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2494
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6619
|
7.8
9.3
|
HIGH
Local
|
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2493
|
cpe:2.3:o:google:android:*:*
|
|
6.0.1
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6620
|
7.8
9.3
|
HIGH
Local
|
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2492
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:*
|
|
|
|
|
2024-11-21 11:48
2016-06-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|