|
268871
|
5.5 |
MEDIUM
Local
|
google
|
android
|
server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allo…
|
CWE-20
Improper Input Validation
|
CVE-2016-2424
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268872
|
5.5 |
MEDIUM
Local
|
bouncycastle
google
|
legion-of-the-bouncy-castle-java-crytography-api
android
|
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic prot…
|
CWE-200
Information Exposure
|
CVE-2016-2427
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268873
|
6.1 |
MEDIUM
Physics
|
google
|
android
|
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2423
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268874
|
7.8 |
HIGH
Local
|
google
|
android
|
Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2422
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268875
|
6.1 |
MEDIUM
Physics
|
google
|
android
|
Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2421
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268876
|
7.8 |
HIGH
Local
|
google
|
android
|
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2420
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268877
|
9.8 |
CRITICAL
Network
|
google
|
android
|
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process m…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2419
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268878
|
9.8 |
CRITICAL
Network
|
google
|
android
|
media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memor…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2418
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268879
|
9.8 |
CRITICAL
Network
|
google
|
android
|
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2417
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268880
|
9.8 |
CRITICAL
Network
|
google
|
android
|
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permissio…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2416
|
2024-11-21 11:48 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
