| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
43451 |
CVE-2015-6645 |
264 |
|
DoS |
2016-01-06 |
2016-12-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. |
|
43452 |
CVE-2015-6644 |
200 |
|
+Info |
2016-01-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. |
|
43453 |
CVE-2015-6643 |
264 |
|
Bypass |
2016-01-06 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. |
|
43454 |
CVE-2015-6642 |
264 |
|
Bypass +Info |
2016-01-06 |
2016-12-07 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. |
|
43455 |
CVE-2015-6640 |
264 |
|
DoS +Priv |
2016-01-06 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. |
|
43456 |
CVE-2015-6639 |
264 |
|
+Priv |
2016-01-06 |
2017-09-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. |
|
43457 |
CVE-2015-6638 |
264 |
|
+Priv |
2016-01-06 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. |
|
43458 |
CVE-2015-6637 |
264 |
|
+Priv |
2016-01-06 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. |
|
43459 |
CVE-2015-6636 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2016-01-06 |
2016-12-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. |
|
43460 |
CVE-2015-6634 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. |
|
43461 |
CVE-2015-6633 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. |
|
43462 |
CVE-2015-6632 |
200 |
|
Bypass +Info |
2015-12-08 |
2015-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24346430. |
|
43463 |
CVE-2015-6631 |
200 |
|
Bypass +Info |
2015-12-08 |
2015-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24623447. |
|
43464 |
CVE-2015-6630 |
200 |
|
+Priv +Info |
2015-12-08 |
2015-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. |
|
43465 |
CVE-2015-6629 |
200 |
|
+Info |
2015-12-08 |
2015-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. |
|
43466 |
CVE-2015-6628 |
200 |
|
Bypass +Info |
2015-12-08 |
2015-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485. |
|
43467 |
CVE-2015-6626 |
200 |
|
Bypass +Info |
2015-12-08 |
2015-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24310423. |
|
43468 |
CVE-2015-6625 |
200 |
|
+Priv +Info |
2015-12-08 |
2015-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. |
|
43469 |
CVE-2015-6624 |
200 |
|
+Info |
2015-12-08 |
2015-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740. |
|
43470 |
CVE-2015-6623 |
264 |
|
+Priv |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. |
|
43471 |
CVE-2015-6622 |
200 |
|
Bypass +Info |
2015-12-08 |
2015-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23905002. |
|
43472 |
CVE-2015-6621 |
264 |
|
+Priv |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. |
|
43473 |
CVE-2015-6620 |
264 |
|
+Priv |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127. |
|
43474 |
CVE-2015-6619 |
264 |
|
+Priv |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. |
|
43475 |
CVE-2015-6618 |
254 |
|
Exec Code |
2015-12-08 |
2015-12-09 |
4.3 |
None |
Local Network |
High |
Not required |
Partial |
Partial |
Partial |
|
Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992. |
|
43476 |
CVE-2015-6617 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-08 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. |
|
43477 |
CVE-2015-6616 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507. |
|
43478 |
CVE-2015-6614 |
264 |
|
DoS +Priv Bypass |
2015-11-03 |
2016-12-07 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139. |
|
43479 |
CVE-2015-6613 |
77 |
|
+Priv |
2015-11-03 |
2016-12-07 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. |
|
43480 |
CVE-2015-6612 |
264 |
|
+Priv |
2015-11-03 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. |
|
43481 |
CVE-2015-6611 |
200 |
|
Bypass +Info |
2015-11-03 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074. |
|
43482 |
CVE-2015-6610 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-11-03 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. |
|
43483 |
CVE-2015-6609 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-11-03 |
2016-12-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. |
|
43484 |
CVE-2015-6608 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-11-03 |
2016-12-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. |
|
43485 |
CVE-2015-6607 |
264 |
|
+Priv |
2015-10-06 |
2017-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. |
|
43486 |
CVE-2015-6606 |
264 |
|
+Priv |
2015-10-06 |
2015-10-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786. |
|
43487 |
CVE-2015-6605 |
|
|
DoS |
2015-10-06 |
2015-10-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. |
|
43488 |
CVE-2015-6604 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. |
|
43489 |
CVE-2015-6603 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. |
|
43490 |
CVE-2015-6602 |
20 |
|
Exec Code |
2015-10-01 |
2016-12-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. |
|
43491 |
CVE-2015-6601 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. |
|
43492 |
CVE-2015-6600 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. |
|
43493 |
CVE-2015-6599 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. |
|
43494 |
CVE-2015-6598 |
20 |
|
DoS Exec Code Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. |
|
43495 |
CVE-2015-6596 |
264 |
|
+Priv |
2015-10-06 |
2015-10-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. |
|
43496 |
CVE-2015-6592 |
254 |
|
|
2017-09-25 |
2017-10-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. |
|
43497 |
CVE-2015-6588 |
79 |
|
XSS |
2017-08-29 |
2017-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. |
|
43498 |
CVE-2015-6587 |
119 |
|
DoS Overflow |
2015-09-02 |
2015-09-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. |
|
43499 |
CVE-2015-6586 |
200 |
|
+Info |
2017-05-23 |
2017-06-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. |
|
43500 |
CVE-2015-6585 |
119 |
|
Exec Code Overflow |
2017-07-25 |
2017-08-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. |
