Google

Android

8158 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.21%
  • Veröffentlicht 05.05.2016 21:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does no...

  • EPSS 77.91%
  • Veröffentlicht 05.05.2016 01:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "ne...

  • EPSS 89.06%
  • Veröffentlicht 05.05.2016 01:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against...

  • EPSS 0.34%
  • Veröffentlicht 27.04.2016 17:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do ...

  • EPSS 0.42%
  • Veröffentlicht 18.04.2016 00:59:33
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key...

  • EPSS 0.39%
  • Veröffentlicht 18.04.2016 00:59:32
  • Zuletzt bearbeitet 06.05.2026 22:30:45

server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive info...

  • EPSS 0.47%
  • Veröffentlicht 18.04.2016 00:59:31
  • Zuletzt bearbeitet 06.05.2026 22:30:45

mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted appl...

  • EPSS 0.36%
  • Veröffentlicht 18.04.2016 00:59:30
  • Zuletzt bearbeitet 06.05.2026 22:30:45

server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot l...

  • EPSS 0.18%
  • Veröffentlicht 18.04.2016 00:59:29
  • Zuletzt bearbeitet 06.05.2026 22:30:45

server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to by...

  • EPSS 0.39%
  • Veröffentlicht 18.04.2016 00:59:28
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to gain privileges via a crafted application, as demon...