Original release date: March 11, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — camel | The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | 2016-02-03 | 7.5 | CVE-2015-5344 |
apple — apple_tv | The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 7.2 | CVE-2016-1717 |
apple — apple_tv | The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 7.2 | CVE-2016-1719 |
apple — apple_tv | IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 7.2 | CVE-2016-1720 |
apple — apple_tv | The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 7.2 | CVE-2016-1721 |
apple — apple_tv | syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 7.2 | CVE-2016-1722 |
apple — mac_os_x | Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application. | 2016-02-01 | 7.5 | CVE-2016-1729 |
apple — mac_os_x | AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 7.2 | CVE-2016-1716 |
apple — safari | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726. | 2016-02-01 | 9.3 | CVE-2016-1723 |
apple — safari | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727. | 2016-02-01 | 9.3 | CVE-2016-1724 |
apple — safari | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726. | 2016-02-01 | 9.3 | CVE-2016-1725 |
apple — safari | WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725. | 2016-02-01 | 9.3 | CVE-2016-1726 |
apple — safari | WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724. | 2016-02-01 | 9.3 | CVE-2016-1727 |
cisco — prime_security_manager | The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | 2016-02-07 | 8.5 | CVE-2016-1301 |
cloudbees — jenkins | The Plugins Manager in CloudBees Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | 2016-02-03 | 7.6 | CVE-2015-7539 |
ge — ups_snmp_web_adapter_firmware | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 2016-02-05 | 9 | CVE-2016-0861 |
google — android | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794. | 2016-02-06 | 10 | CVE-2016-0803 |
google — android | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. | 2016-02-06 | 8.3 | CVE-2016-0801 |
google — android | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181. | 2016-02-06 | 8.3 | CVE-2016-0802 |
google — kubernetes | The API server in Kubernetes might allow remote attackers to gain privileges by editing a build configuration to use a restricted strategy. | 2016-02-03 | 10 | CVE-2016-1906 |
linux — linux_kernel | The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604. | 2016-02-07 | 10 | CVE-2015-8787 |
linux — linux_kernel | The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. | 2016-02-07 | 7.2 | CVE-2015-8539 |
linux — linux_kernel | The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. | 2016-02-07 | 7.2 | CVE-2016-0728 |
radicale — radicale | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | 2016-02-03 | 7.5 | CVE-2015-8747 |
radicale — radicale | The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore. | 2016-02-03 | 7.5 | CVE-2016-1505 |
sauter — moduweb_vision | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 2016-02-06 | 10 | CVE-2015-7915 |
sauter — moduweb_vision | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 2016-02-06 | 9.3 | CVE-2015-7914 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — iphone_os | WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | 2016-02-01 | 5.8 | CVE-2016-1730 |
apple — mac_os_x | The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-02-01 | 6.9 | CVE-2016-1718 |
apple — safari | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the “a:visited button” selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. | 2016-02-01 | 4.3 | CVE-2016-1728 |
cisco — application policy infrastructure controller enterprise module | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | 2016-02-07 | 4.3 | CVE-2016-1305 |
cisco — finesse | The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | 2016-02-07 | 5.5 | CVE-2016-1307 |
cisco — fog_director | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | 2016-02-06 | 4.3 | CVE-2016-1306 |
cisco — jabber_guest | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. | 2016-02-06 | 4.3 | CVE-2016-1311 |
cisco — unified_communications_manager | SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | 2016-02-07 | 6.5 | CVE-2016-1308 |
cisco — unity_connection | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | 2016-02-06 | 4.3 | CVE-2016-1310 |
cisco — webex_meetings_server | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. | 2016-02-07 | 4.3 | CVE-2016-1309 |
cloudbees — jenkins | Cross-site request forgery (CSRF) vulnerability in CloudBees Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | 2016-02-03 | 6.8 | CVE-2015-7537 |
cloudbees — jenkins | CloudBees Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | 2016-02-03 | 6.8 | CVE-2015-7538 |
ffmpeg — ffmpeg | The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | 2016-02-03 | 4.3 | CVE-2016-2213 |
fisher-price — smart_toy_bear | The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network’s coverage area and entering an account number. | 2016-02-04 | 6.5 | CVE-2015-8269 |
ge — ups_snmp_web_adapter_firmware | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | 2016-02-05 | 4 | CVE-2016-0862 |
google — kubernetes | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | 2016-02-03 | 4 | CVE-2016-1905 |
janrain — php-openid | examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header. | 2016-02-01 | 6.8 | CVE-2016-2049 |
libtiff — libtiff | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. | 2016-02-01 | 4.3 | CVE-2015-8781 |
libtiff — libtiff | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. | 2016-02-01 | 4.3 | CVE-2015-8782 |
libtiff — libtiff | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | 2016-02-01 | 4.3 | CVE-2015-8783 |
linux — linux_kernel | Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | 2016-02-07 | 5.6 | CVE-2016-0723 |
linux — linux_kernel | net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | 2016-02-07 | 5 | CVE-2015-8767 |
linux — linux_kernel | arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | 2016-02-07 | 4.9 | CVE-2015-7513 |
linux — linux_kernel | The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. | 2016-02-07 | 4.9 | CVE-2015-7550 |
linux — linux_kernel | The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. | 2016-02-07 | 4.9 | CVE-2015-7566 |
linux — linux_kernel | The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. | 2016-02-07 | 4.9 | CVE-2015-8785 |
mcafee — vulnerability_manager | Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | 2016-02-01 | 6.8 | CVE-2016-2199 |
radicale — radicale | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by “.*”. | 2016-02-03 | 5 | CVE-2015-8748 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cloudbees — jenkins | Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts. | 2016-02-03 | 3.5 | CVE-2015-7536 |
linux — linux_kernel | The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | 2016-02-07 | 2.1 | CVE-2015-8575 |
sauter — moduweb_vision | Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | 2016-02-06 | 3.5 | CVE-2015-7916 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Android — AlternateRecentsComponent.java | packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219. | 2016-02-06 | N/A | CVE-2016-0813 |
Android — get_build_id | The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. | 2016-02-06 | N/A | CVE-2016-0807 |
Android — getCoverageFormat12 | Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298. | 2016-02-06 | N/A | CVE-2016-0808 |
Android — libmediaplayerservice | Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375. | 2016-02-06 | N/A | CVE-2016-0811 |
Android — mediaserver | media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119. | 2016-02-06 | N/A | CVE-2016-0810 |
Android — PhoneWindowManager | The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538. | 2016-02-06 | N/A | CVE-2016-0812 |
Android — wifi_cleanup function | Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768. | 2016-02-06 | N/A | CVE-2016-0809 |
Cisco — Application Policy Infrastructure Controller | Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | 2016-02-07 | N/A | CVE-2016-1302 |
Cisco — Nexus | Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. | 2016-02-07 | N/A | CVE-2015-6398 |
Huawei — E5186 | Huawei E5186 4G LTE router with software before V200R001B310D01SP00C00 allows DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors. | 2016-02-01 | N/A | CVE-2015-8265 |
ISC — BIND | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. | 2016-02-04 | N/A | CVE-2016-1284 |
NuPlayer — GenericSource | The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434. | 2016-02-06 | N/A | CVE-2016-0804 |
OpenStack — Identity | The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. | 2016-02-03 | N/A | CVE-2015-7546 |
Qualcomm — Android | The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453. | 2016-02-06 | N/A | CVE-2016-0806 |
Qualcomm — Android | The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. | 2016-02-06 | N/A | CVE-2016-0805 |