Vulnerabilities > Google > Android > 2.3.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-06 | CVE-2015-3865 | Permissions, Privileges, and Access Controls vulnerability in Google Android The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | 9.3 |
2015-10-06 | CVE-2015-3862 | Unspecified vulnerability in Google Android mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | 5.0 |
2015-10-06 | CVE-2015-3847 | Permissions, Privileges, and Access Controls vulnerability in Google Android Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | 6.4 |
2015-10-06 | CVE-2015-3823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | 10.0 |
2015-10-02 | CVE-2015-6602 | Improper Input Validation vulnerability in Google Android libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | 9.3 |
2015-10-02 | CVE-2015-3876 | Improper Input Validation vulnerability in Google Android libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | 9.3 |
2015-10-01 | CVE-2015-6575 | Numeric Errors vulnerability in Google Android SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. | 10.0 |
2015-10-01 | CVE-2015-3864 | Numeric Errors vulnerability in Google Android Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. | 10.0 |
2015-10-01 | CVE-2015-3863 | Numeric Errors vulnerability in Google Android Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. | 9.3 |
2015-10-01 | CVE-2015-3861 | Numeric Errors vulnerability in Google Android Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug 21296336. | 5.0 |