Skip to main content
CVE-2015-6620 CRITICAL Act Now

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6% and no vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 2.0
9.3
EPSS
12.6%
CVE-2015-6616 CRITICAL Act Now

mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.8%
CVE-2015-6617 CRITICAL Act Now

Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2015-8507 CRITICAL Act Now

mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2015-8506 CRITICAL Act Now

mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2015-8505 CRITICAL Act Now

mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2015-6634 CRITICAL Act Now

The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2015-6633 CRITICAL Act Now

The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 2.0
9.3
EPSS
1.3%
CVE-2015-6623 CRITICAL Act Now

Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 2.0
9.3
EPSS
0.2%
CVE-2015-6621 CRITICAL Act Now

SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 2.0
9.3
EPSS
0.2%
CVE-2015-6619 CRITICAL Act Now

The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 2.0
9.3
EPSS
0.1%
CVE-2015-6631 MEDIUM This Month

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6632 MEDIUM This Month

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6626 MEDIUM This Month

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6629 MEDIUM This Month

Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6628 MEDIUM This Month

Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6622 MEDIUM This Month

The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-6618 MEDIUM This Month

Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992. Rated medium severity (CVSS 4.3). No vendor patch available.

RCE Google Android
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-6630 MEDIUM This Month

SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-6625 MEDIUM This Month

System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-6624 MEDIUM This Month

System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-6627 LOW Monitor

The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 2.0
2.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy