Shodan
Vulnerabilities
Vulnerable Software
Google:  >> Android  >> 5.0  Security Vulnerabilities
CVE-2016-1948
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
CVSS Score
5.3
EPSS Score
0.002
Published
2016-01-31
CVE-2016-1943
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVSS Score
4.7
EPSS Score
0.006
Published
2016-01-31
CVE-2016-1940
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CVSS Score
5.3
EPSS Score
0.003
Published
2016-01-31
CVE-2015-6647
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
CVSS Score
7.8
EPSS Score
0.002
Published
2016-01-06
CVE-2015-6645
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
CVSS Score
5.0
EPSS Score
0.001
Published
2016-01-06
CVE-2015-6644
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
CVSS Score
3.3
EPSS Score
0.002
Published
2016-01-06
CVE-2015-6640
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-01-06
CVE-2015-6639
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
CVSS Score
7.8
EPSS Score
0.078
Published
2016-01-06
CVE-2015-6638
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-01-06
CVE-2015-6637
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-01-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved