libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.