CVE-2016-2461
- EPSS 0.46%
- Veröffentlicht 09.05.2016 10:59:39
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 276966...
CVE-2016-2460
- EPSS 0.42%
- Veröffentlicht 09.05.2016 10:59:38
- Zuletzt bearbeitet 06.05.2026 22:30:45
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGrap...
CVE-2016-2459
- EPSS 0.41%
- Veröffentlicht 09.05.2016 10:59:37
- Zuletzt bearbeitet 06.05.2026 22:30:45
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGrap...
CVE-2016-2458
- EPSS 0.47%
- Veröffentlicht 09.05.2016 10:59:36
- Zuletzt bearbeitet 06.05.2026 22:30:45
The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to C...
CVE-2016-2457
- EPSS 0.19%
- Veröffentlicht 09.05.2016 10:59:34
- Zuletzt bearbeitet 06.05.2026 22:30:45
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411...
- EPSS 0.31%
- Veröffentlicht 09.05.2016 10:59:33
- Zuletzt bearbeitet 06.05.2026 22:30:45
The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.
CVE-2016-2454
- EPSS 0.46%
- Veröffentlicht 09.05.2016 10:59:32
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.
CVE-2016-2452
- EPSS 0.49%
- Veröffentlicht 09.05.2016 10:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted appli...
CVE-2016-2451
- EPSS 0.42%
- Veröffentlicht 09.05.2016 10:59:28
- Zuletzt bearbeitet 06.05.2026 22:30:45
codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a craf...
CVE-2016-2450
- EPSS 0.42%
- Veröffentlicht 09.05.2016 10:59:27
- Zuletzt bearbeitet 06.05.2026 22:30:45
codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a craf...