Google

Android

7930 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2015-3847

  • EPSS 0.11%
  • Veröffentlicht 06.10.2015 17:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

10

CVE-2015-3823

  • EPSS 1.04%
  • Veröffentlicht 06.10.2015 17:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

9.3

CVE-2015-6602

  • EPSS 2.76%
  • Veröffentlicht 02.10.2015 02:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

9.3

CVE-2015-3876

Medienbericht
  • EPSS 4.56%
  • Veröffentlicht 02.10.2015 02:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.

10

CVE-2015-6575

  • EPSS 18.59%
  • Veröffentlicht 01.10.2015 00:59:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted a...

10

CVE-2015-3864

  • EPSS 87.03%
  • Veröffentlicht 01.10.2015 00:59:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. ...

9.3

CVE-2015-3863

  • EPSS 0.21%
  • Veröffentlicht 01.10.2015 00:59:30
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert opera...

5

CVE-2015-3861

  • EPSS 0.31%
  • Veröffentlicht 01.10.2015 00:59:29
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Mat...

7.2

CVE-2015-3860

Exploit
  • EPSS 0.04%
  • Veröffentlicht 01.10.2015 00:59:28
  • Zuletzt bearbeitet 12.04.2025 10:46:40

packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended acces...

9.3

CVE-2015-3858

  • EPSS 0.16%
  • Veröffentlicht 01.10.2015 00:59:27
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS...