|
6651
|
7.0
7.6
|
HIGH
Local
|
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2462
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:*
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6652
|
7.0
7.6
|
HIGH
Local
|
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspeci…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2461
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:*
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6653
|
5.5
4.3
|
MEDIUM
Local
|
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive info…
|
CWE-200
Information Exposure
|
CVE-2016-2460
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:5.1.0:* cpe:2.3:o:google:android:5.0:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6654
|
5.5
4.3
|
MEDIUM
Local
|
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive info…
|
CWE-200
Information Exposure
|
CVE-2016-2459
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6655
|
5.5
4.3
|
MEDIUM
Local
|
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive …
|
CWE-200
Information Exposure
|
CVE-2016-2458
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6656
|
5.5
2.1
|
MEDIUM
Local
|
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2457
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6657
|
7.0
5.1
|
HIGH
Local
|
The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2456
|
cpe:2.3:o:google:android:*:*
|
|
6.0.1
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6658
|
5.5
7.1
|
MEDIUM
Local
|
The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.
|
CWE-20
Improper Input Validation
|
CVE-2016-2454
|
cpe:2.3:o:google:android:*:*
|
|
6.0.1
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6659
|
7.8
9.3
|
HIGH
Local
|
codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2452
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6660
|
7.8
9.3
|
HIGH
Local
|
codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2451
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|