NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2015-3863 | Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. | 9.3 | 0.39% | 2015-10-01 | 2026-05-06 |
| CVE-2015-3864 | Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. | 10.0 | 90.27% | 2015-10-01 | 2026-05-06 |
| CVE-2015-3876 | libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | 9.3 | 7.18% | 2015-10-02 | 2026-05-06 |
| CVE-2015-6602 | libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | 9.3 | 1.77% | 2015-10-02 | 2026-05-06 |
| CVE-2015-3823 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | 10.0 | 1.40% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3847 | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | 6.4 | 0.06% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3862 | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | 5.0 | 0.10% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3865 | The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | 9.3 | 0.21% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3867 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3868 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | 10.0 | 4.36% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3869 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. | 10.0 | 1.40% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3870 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. | 10.0 | 1.40% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3871 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3872 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3873 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. | 10.0 | 1.40% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3874 | The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3875 | libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | 10.0 | 5.92% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3877 | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | 10.0 | 2.67% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3878 | Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192. | 4.3 | 1.06% | 2015-10-06 | 2026-05-06 |
| CVE-2015-3879 | Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. | 9.3 | 0.21% | 2015-10-06 | 2026-05-06 |