CVE-2016-3749
- EPSS 0.27%
- Veröffentlicht 11.07.2016 01:59:49
- Zuletzt bearbeitet 06.05.2026 22:30:45
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
CVE-2016-3748
- EPSS 0.37%
- Veröffentlicht 11.07.2016 01:59:48
- Zuletzt bearbeitet 06.05.2026 22:30:45
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
- EPSS 0.42%
- Veröffentlicht 11.07.2016 01:59:47
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstra...
CVE-2016-3746
- EPSS 0.37%
- Veröffentlicht 11.07.2016 01:59:46
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstra...
CVE-2016-3745
- EPSS 0.58%
- Veröffentlicht 11.07.2016 01:59:45
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated b...
CVE-2016-3744
- EPSS 0.36%
- Veröffentlicht 11.07.2016 01:59:44
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, ...
CVE-2016-3743
- EPSS 1.08%
- Veröffentlicht 11.07.2016 01:59:43
- Zuletzt bearbeitet 06.05.2026 22:30:45
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka i...
CVE-2016-3742
- EPSS 1.08%
- Veröffentlicht 11.07.2016 01:59:42
- Zuletzt bearbeitet 06.05.2026 22:30:45
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal b...
CVE-2016-3741
- EPSS 1.41%
- Veröffentlicht 11.07.2016 01:59:41
- Zuletzt bearbeitet 06.05.2026 22:30:45
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal ...
CVE-2016-2508
- EPSS 1.67%
- Veröffentlicht 11.07.2016 01:59:40
- Zuletzt bearbeitet 06.05.2026 22:30:45
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitr...