Google

Android

8032 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2016-2464

  • EPSS 0.25%
  • Veröffentlicht 13.06.2016 01:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file,...

8.4

CVE-2016-2463

  • EPSS 0.62%
  • Veröffentlicht 13.06.2016 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of ...

7.8

CVE-2016-4477

  • EPSS 0.13%
  • Veröffentlicht 09.05.2016 10:59:42
  • Zuletzt bearbeitet 12.04.2025 10:46:40

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafte...

7.6

CVE-2016-2462

  • EPSS 0.06%
  • Veröffentlicht 09.05.2016 10:59:40
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173.

7.6

CVE-2016-2461

  • EPSS 0.09%
  • Veröffentlicht 09.05.2016 10:59:39
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 276966...

5.5

CVE-2016-2460

  • EPSS 0.07%
  • Veröffentlicht 09.05.2016 10:59:38
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGrap...

5.5

CVE-2016-2459

  • EPSS 0.07%
  • Veröffentlicht 09.05.2016 10:59:37
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGrap...

5.5

CVE-2016-2458

  • EPSS 0.13%
  • Veröffentlicht 09.05.2016 10:59:36
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to C...

5.5

CVE-2016-2457

  • EPSS 0.03%
  • Veröffentlicht 09.05.2016 10:59:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411...

7

CVE-2016-2456

  • EPSS 0.06%
  • Veröffentlicht 09.05.2016 10:59:33
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.