Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3741 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 9.8 CRITICAL |
| The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. | |||||
| CVE-2016-3755 | 1 Google | 1 Android | 2016-07-11 | 7.8 HIGH | 7.5 HIGH |
| decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138. | |||||
| CVE-2016-3750 | 1 Google | 1 Android | 2016-07-11 | 7.5 HIGH | 7.8 HIGH |
| libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952. | |||||
| CVE-2016-3756 | 1 Google | 1 Android | 2016-07-11 | 7.8 HIGH | 7.5 HIGH |
| Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125. | |||||
| CVE-2016-3757 | 1 Google | 1 Android | 2016-07-11 | 5.9 MEDIUM | 7.0 HIGH |
| The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product. | |||||
| CVE-2016-0398 | 1 Ibm | 1 Cognos Analytics | 2016-07-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. | |||||
| CVE-2016-1209 | 1 Ninjaforms | 1 Ninja Forms | 2016-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | |||||
| CVE-2016-4518 | 1 Osisoft | 1 Pi Af Server 2016 | 2016-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | |||||
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2016-06-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||||
| CVE-2016-4165 | 1 Adobe | 1 Brackets | 2016-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | |||||
| CVE-2016-1418 | 1 Cisco | 7 Aironet 1830e, Aironet 1830i, Aironet 1850e and 4 more | 2016-06-15 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. | |||||
| CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 3.5 LOW | N/A |
| Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | |||||
| CVE-2016-2495 | 1 Google | 1 Android | 2016-06-14 | 7.1 HIGH | 5.5 MEDIUM |
| SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789. | |||||
| CVE-2016-2464 | 1 Google | 1 Android | 2016-06-14 | 9.3 HIGH | 7.8 HIGH |
| libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. | |||||
| CVE-2016-2475 | 1 Google | 1 Android | 2016-06-14 | 6.8 MEDIUM | 7.8 HIGH |
| The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765. | |||||
| CVE-2013-0331 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 4.0 MEDIUM | N/A |
| Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | |||||
| CVE-2016-2486 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371. | |||||
| CVE-2016-2478 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409. | |||||
| CVE-2016-2487 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616. | |||||
| CVE-2016-2480 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721. | |||||