- EPSS 0.21%
- Veröffentlicht 05.05.2016 21:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does no...
- EPSS 77.91%
- Veröffentlicht 05.05.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "ne...
CVE-2016-2107
- EPSS 89.06%
- Veröffentlicht 05.05.2016 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against...
CVE-2016-0774
- EPSS 0.34%
- Veröffentlicht 27.04.2016 17:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do ...
CVE-2016-2427
- EPSS 0.42%
- Veröffentlicht 18.04.2016 00:59:33
- Zuletzt bearbeitet 06.05.2026 22:30:45
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key...
CVE-2016-2426
- EPSS 0.39%
- Veröffentlicht 18.04.2016 00:59:32
- Zuletzt bearbeitet 06.05.2026 22:30:45
server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive info...
CVE-2016-2425
- EPSS 0.47%
- Veröffentlicht 18.04.2016 00:59:31
- Zuletzt bearbeitet 06.05.2026 22:30:45
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted appl...
CVE-2016-2424
- EPSS 0.36%
- Veröffentlicht 18.04.2016 00:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot l...
CVE-2016-2423
- EPSS 0.18%
- Veröffentlicht 18.04.2016 00:59:29
- Zuletzt bearbeitet 06.05.2026 22:30:45
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to by...
CVE-2016-2422
- EPSS 0.39%
- Veröffentlicht 18.04.2016 00:59:28
- Zuletzt bearbeitet 06.05.2026 22:30:45
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demon...