Android
by Google
CVEs (4,290)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3868 | 0.00 | — | 0.03 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | |||
| CVE-2015-3867 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | |||
| CVE-2015-3865 | 0.00 | — | 0.01 | Oct 6, 2015 | The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | |||
| CVE-2015-3862 | 0.00 | — | 0.00 | Oct 6, 2015 | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | |||
| CVE-2015-3847 | 0.00 | — | 0.00 | Oct 6, 2015 | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | |||
| CVE-2015-3823 | 0.00 | — | 0.02 | Oct 6, 2015 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | |||
| CVE-2015-6602 | 0.00 | — | 0.03 | Oct 2, 2015 | libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | |||
| CVE-2015-3876 | 0.00 | — | 0.03 | Oct 2, 2015 | libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | |||
| CVE-2015-6575 | 0.00 | — | 0.03 | Oct 1, 2015 | SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka… | |||
| CVE-2015-3863 | 0.00 | — | 0.01 | Oct 1, 2015 | Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug… | |||
| CVE-2015-3861 | 0.00 | — | 0.01 | Oct 1, 2015 | Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug… | |||
| CVE-2015-3860 | 0.00 | — | 0.00 | Oct 1, 2015 | packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long… | |||
| CVE-2015-3858 | 0.00 | — | 0.01 | Oct 1, 2015 | The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a… | |||
| CVE-2015-3849 | 0.00 | — | 0.01 | Oct 1, 2015 | The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to… | |||
| CVE-2015-3845 | 0.00 | — | 0.01 | Oct 1, 2015 | The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a… | |||
| CVE-2015-3844 | 0.00 | — | 0.01 | Oct 1, 2015 | The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of… | |||
| CVE-2015-3843 | 0.00 | — | 0.02 | Oct 1, 2015 | The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal… | |||
| CVE-2015-3842 | 0.00 | — | 0.01 | Oct 1, 2015 | Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. | |||
| CVE-2015-3837 | 0.00 | — | 0.01 | Oct 1, 2015 | The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a… | |||
| CVE-2015-3836 | 0.00 | — | 0.03 | Oct 1, 2015 | The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer… |
- CVE-2015-3868Oct 6, 2015risk 0.00cvss —epss 0.03
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
- CVE-2015-3867Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
- CVE-2015-3865Oct 6, 2015risk 0.00cvss —epss 0.01
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
- CVE-2015-3862Oct 6, 2015risk 0.00cvss —epss 0.00
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.
- CVE-2015-3847Oct 6, 2015risk 0.00cvss —epss 0.00
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.
- CVE-2015-3823Oct 6, 2015risk 0.00cvss —epss 0.02
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
- CVE-2015-6602Oct 2, 2015risk 0.00cvss —epss 0.03
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
- CVE-2015-3876Oct 2, 2015risk 0.00cvss —epss 0.03
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
- CVE-2015-6575Oct 1, 2015risk 0.00cvss —epss 0.03
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka…
- CVE-2015-3863Oct 1, 2015risk 0.00cvss —epss 0.01
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug…
- CVE-2015-3861Oct 1, 2015risk 0.00cvss —epss 0.01
Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug…
- CVE-2015-3860Oct 1, 2015risk 0.00cvss —epss 0.00
packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long…
- CVE-2015-3858Oct 1, 2015risk 0.00cvss —epss 0.01
The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a…
- CVE-2015-3849Oct 1, 2015risk 0.00cvss —epss 0.01
The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to…
- CVE-2015-3845Oct 1, 2015risk 0.00cvss —epss 0.01
The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a…
- CVE-2015-3844Oct 1, 2015risk 0.00cvss —epss 0.01
The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of…
- CVE-2015-3843Oct 1, 2015risk 0.00cvss —epss 0.02
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal…
- CVE-2015-3842Oct 1, 2015risk 0.00cvss —epss 0.01
Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
- CVE-2015-3837Oct 1, 2015risk 0.00cvss —epss 0.01
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a…
- CVE-2015-3836Oct 1, 2015risk 0.00cvss —epss 0.03
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer…
Page 211 of 215