Skip to main content
CVE-2016-0998 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.9%.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
72.9%
Threat
5.4
CVE-2016-0999 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
64.5%
Threat
5.2
CVE-2016-0997 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
64.5%
Threat
5.2
CVE-2016-1000 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.4%.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
62.4%
Threat
5.1
CVE-2016-1002 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.8%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
60.8%
Threat
5.1
CVE-2016-1010 HIGH KEV PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 30.0%.

Adobe Integer Overflow Microsoft RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
30.0%
Threat
4.2
CVE-2016-1001 HIGH POC PATCH THREAT Act Now

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 42.9%.

Memory Corruption RCE Buffer Overflow Microsoft Adobe +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
42.9%
Threat
4.5
CVE-2016-1621 CRITICAL Act Now

libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
8.7%
CVE-2016-0996 HIGH PATCH Act Now

Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.1%.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
10.1%
CVE-2016-0992 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
9.1%
CVE-2016-0994 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2016-0991 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
7.5%
CVE-2016-0988 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
7.5%
CVE-2016-0816 CRITICAL Act Now

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-0815 CRITICAL Act Now

The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-1005 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +8
NVD
CVSS 3.1
8.8
EPSS
6.9%
CVE-2016-0995 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2016-0987 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2015-7411 CRITICAL Act Now

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Monitoring
NVD
CVSS 3.0
9.9
EPSS
0.8%
CVE-2016-0993 HIGH PATCH This Week

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD
CVSS 3.1
8.8
EPSS
6.2%
CVE-2016-0963 HIGH PATCH This Week

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD
CVSS 3.1
8.8
EPSS
6.2%
CVE-2016-0990 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2016-0960 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2016-0989 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2016-0986 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2016-0962 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2016-0961 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2015-7446 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Flashsystem V9000 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0827 HIGH This Week

Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-0826 HIGH This Week

libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-0819 HIGH This Week

The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-0820 HIGH This Week

The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mediatek Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-0829 HIGH This Week

The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-0828 HIGH This Week

The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-1360 HIGH This Week

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Lan Management Solution
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-0822 HIGH This Week

The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Mediatek Google Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-1338 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server Software
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-0830 MEDIUM This Month

btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-0832 MEDIUM This Month

Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2016-0818 MEDIUM This Month

The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Java Android
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-0831 MEDIUM This Month

The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Java Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-0821 MEDIUM PATCH This Month

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Linux Authentication Bypass Linux Kernel Android
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2015-7448 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-6485 MEDIUM This Month

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Telvent Rtu Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-0824 MEDIUM This Month

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-1361 MEDIUM This Month

Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-0825 MEDIUM This Month

The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-1562 MEDIUM This Month

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Insight
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-0823 MEDIUM This Month

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Information Disclosure Android Linux Kernel
NVD GitHub
CVSS 3.0
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy