Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6596 | 0.00 | — | 0.01 | Oct 6, 2015 | mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | |||
| CVE-2015-3879 | 0.00 | — | 0.01 | Oct 6, 2015 | Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. | |||
| CVE-2015-3878 | 0.00 | — | 0.01 | Oct 6, 2015 | Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal… | |||
| CVE-2015-3877 | 0.00 | — | 0.02 | Oct 6, 2015 | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | |||
| CVE-2015-3875 | 0.00 | — | 0.02 | Oct 6, 2015 | libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | |||
| CVE-2015-3874 | 0.00 | — | 0.02 | Oct 6, 2015 | The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. | |||
| CVE-2015-3873 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674,… | |||
| CVE-2015-3872 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | |||
| CVE-2015-3871 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. | |||
| CVE-2015-3870 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. | |||
| CVE-2015-3869 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. | |||
| CVE-2015-3868 | 0.00 | — | 0.03 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | |||
| CVE-2015-3867 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | |||
| CVE-2015-3865 | 0.00 | — | 0.01 | Oct 6, 2015 | The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | |||
| CVE-2015-3862 | 0.00 | — | 0.00 | Oct 6, 2015 | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | |||
| CVE-2015-3847 | 0.00 | — | 0.00 | Oct 6, 2015 | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | |||
| CVE-2015-3823 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | |||
| CVE-2015-6602 | 0.00 | — | 0.03 | Oct 2, 2015 | libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | |||
| CVE-2015-3876 | 0.00 | — | 0.03 | Oct 2, 2015 | libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | |||
| CVE-2015-6575 | 0.00 | — | 0.03 | Oct 1, 2015 | SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka… |
- CVE-2015-6596Oct 6, 2015risk 0.00cvss —epss 0.01
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
- CVE-2015-3879Oct 6, 2015risk 0.00cvss —epss 0.01
Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
- CVE-2015-3878Oct 6, 2015risk 0.00cvss —epss 0.01
Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal…
- CVE-2015-3877Oct 6, 2015risk 0.00cvss —epss 0.02
Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
- CVE-2015-3875Oct 6, 2015risk 0.00cvss —epss 0.02
libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
- CVE-2015-3874Oct 6, 2015risk 0.00cvss —epss 0.02
The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
- CVE-2015-3873Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674,…
- CVE-2015-3872Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
- CVE-2015-3871Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
- CVE-2015-3870Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
- CVE-2015-3869Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
- CVE-2015-3868Oct 6, 2015risk 0.00cvss —epss 0.03
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
- CVE-2015-3867Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
- CVE-2015-3865Oct 6, 2015risk 0.00cvss —epss 0.01
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
- CVE-2015-3862Oct 6, 2015risk 0.00cvss —epss 0.00
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
- CVE-2015-3847Oct 6, 2015risk 0.00cvss —epss 0.00
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.
- CVE-2015-3823Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
- CVE-2015-6602Oct 2, 2015risk 0.00cvss —epss 0.03
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
- CVE-2015-3876Oct 2, 2015risk 0.00cvss —epss 0.03
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
- CVE-2015-6575Oct 1, 2015risk 0.00cvss —epss 0.03
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka…
Page 198 of 203