|
6681
|
7.8
9.3
|
HIGH
Local
|
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly vali…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2060
|
cpe:2.3:o:google:android:*:*
|
|
6.0.1
|
|
|
2024-11-21 11:47
2016-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6682
|
7.0
4.4
|
HIGH
Local
|
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contri…
|
CWE-269
Improper Privilege Management
|
CVE-2016-2059
|
cpe:2.3:o:google:android:*:*
|
|
7.0
|
|
|
2024-11-21 11:47
2016-05-6
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6683
|
9.8
10.0
|
CRITICAL
Network
|
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2108
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:47
2016-05-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6684
|
5.9
2.6
|
MEDIUM
Network
|
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart…
|
CWE-310 CWE-200
Cryptographic Issues Information Exposure
|
CVE-2016-2107
|
cpe:2.3:o:google:android:5.1:* cpe:2.3:o:google:android:5.1.0:* cpe:2.3:o:google:android:5.0:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:47
2016-05-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6685
|
6.8
5.6
|
MEDIUM
Local
|
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-…
|
CWE-20
Improper Input Validation
|
CVE-2016-0774
|
cpe:2.3:o:google:android:*:*
|
|
6.0.1
|
|
|
2024-11-21 11:42
2016-04-28
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6686
|
5.5
4.3
|
MEDIUM
Local
|
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permissi…
|
CWE-200
Information Exposure
|
CVE-2016-2426
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-04-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6687
|
5.5
4.3
|
MEDIUM
Local
|
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers…
|
CWE-200
Information Exposure
|
CVE-2016-2425
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-04-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6688
|
5.5
7.1
|
MEDIUM
Local
|
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allo…
|
CWE-20
Improper Input Validation
|
CVE-2016-2424
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-04-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6689
|
5.5
4.3
|
MEDIUM
Local
|
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic prot…
|
CWE-200
Information Exposure
|
CVE-2016-2427
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-04-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6690
|
6.1
6.6
|
MEDIUM
Physics
|
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2423
|
cpe:2.3:o:google:android:6.0:* cpe:2.3:o:google:android:6.0.1:* cpe:2.3:o:google:android:5.1:* cpe:2.3:o:googl…
|
|
|
|
|
2024-11-21 11:48
2016-04-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|