mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.
| Max Base Score | 9.3 |
| Published | 2015-12-08 |
| Updated | 2015-12-09 |
| EPSS | 0.18% |
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507.
| Max Base Score | 9.3 |
| Published | 2015-12-08 |
| Updated | 2019-02-14 |
| EPSS | 0.18% |
mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.
| Max Base Score | 9.3 |
| Published | 2015-12-08 |
| Updated | 2015-12-09 |
| EPSS | 0.18% |
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.
| Max Base Score | 5.0 |
| Published | 2015-11-03 |
| Updated | 2015-11-03 |
| EPSS | 0.10% |
mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.
| Max Base Score | 10.0 |
| Published | 2015-11-03 |
| Updated | 2015-11-03 |
| EPSS | 0.15% |
mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073.
| Max Base Score | 10.0 |
| Published | 2015-11-03 |
| Updated | 2015-11-03 |
| EPSS | 0.15% |
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.
| Max Base Score | 5.0 |
| Published | 2015-10-06 |
| Updated | 2015-10-07 |
| EPSS | 0.10% |
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
| Max Base Score | 9.3 |
| Published | 2015-10-06 |
| Updated | 2015-10-07 |
| EPSS | 0.06% |
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.
| Max Base Score | 10.0 |
| Published | 2015-10-06 |
| Updated | 2015-10-07 |
| EPSS | 0.15% |
The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.
| Max Base Score | 4.3 |
| Published | 2015-12-06 |
| Updated | 2017-09-14 |
| EPSS | 0.15% |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584.
| Max Base Score | 10.0 |
| Published | 2015-09-22 |
| Updated | 2017-02-17 |
| EPSS | 1.99% |
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676.
| Max Base Score | 10.0 |
| Published | 2015-09-22 |
| Updated | 2017-02-17 |
| EPSS | 2.33% |
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588.
| Max Base Score | 10.0 |
| Published | 2015-09-22 |
| Updated | 2017-02-17 |
| EPSS | 18.60% |
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678.
| Max Base Score | 10.0 |
| Published | 2015-09-22 |
| Updated | 2017-02-17 |
| EPSS | 3.25% |
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
| Max Base Score | 9.3 |
| Published | 2015-12-08 |
| Updated | 2015-12-09 |
| EPSS | 0.18% |
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
| Max Base Score | 9.3 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.18% |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24346430.
| Max Base Score | 5.0 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.10% |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24623447.
| Max Base Score | 5.0 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.10% |
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.
| Max Base Score | 4.3 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.06% |
Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.
| Max Base Score | 5.0 |
| Published | 2015-12-08 |
| Updated | 2015-12-09 |
| EPSS | 0.10% |
Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485.
| Max Base Score | 5.0 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.09% |
The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743.
| Max Base Score | 2.6 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.15% |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24310423.
| Max Base Score | 5.0 |
| Published | 2015-12-08 |
| Updated | 2019-02-12 |
| EPSS | 0.10% |
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.
| Max Base Score | 4.3 |
| Published | 2015-12-08 |
| Updated | 2015-12-09 |
| EPSS | 0.06% |
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740.
| Max Base Score | 4.3 |
| Published | 2015-12-08 |
| Updated | 2015-12-09 |
| EPSS | 0.06% |