Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.