Skip to main content
CVE-2016-4350 CRITICAL Emergency

Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 63.5% and no vendor patch available.

SQLi Storage Resource Monitor
NVD
CVSS 3.0
9.8
EPSS
63.5%
CVE-2015-0569 HIGH POC This Week

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Linux Buffer Overflow Qualcomm +1
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-2429 CRITICAL Act Now

libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-2428 CRITICAL Act Now

libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Google Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-2439 HIGH This Week

Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2016-3105 HIGH PATCH This Week

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Authentication Bypass Debian Linux Mercurial
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-2431 HIGH PATCH This Week

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2016-2434 HIGH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-4477 HIGH This Week

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-0571 HIGH This Week

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2452 HIGH This Week

codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2435 HIGH PATCH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-0570 HIGH This Week

Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Linux Buffer Overflow Qualcomm +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2432 HIGH PATCH This Week

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2060 HIGH PATCH This Week

server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2451 HIGH PATCH This Week

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2450 HIGH PATCH This Week

codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2449 HIGH This Week

services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2448 HIGH This Week

media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2440 HIGH This Week

libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2437 HIGH PATCH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2436 HIGH PATCH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2430 HIGH This Week

libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-4476 HIGH This Week

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hostapd Wpa Supplicant Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2016-2461 HIGH PATCH This Week

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2443 HIGH PATCH This Week

The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2462 HIGH PATCH This Week

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2456 HIGH PATCH This Week

The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Privilege Escalation Mediatek Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2453 HIGH PATCH This Week

The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Privilege Escalation Mediatek Google Android One
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2446 HIGH PATCH This Week

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2444 HIGH PATCH This Week

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2442 HIGH PATCH This Week

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2445 HIGH PATCH This Week

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-2441 HIGH PATCH This Week

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-2454 MEDIUM PATCH This Month

The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-2458 MEDIUM This Month

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Java Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2460 MEDIUM This Month

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2459 MEDIUM This Month

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2457 MEDIUM This Month

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-5207 MEDIUM This Month

Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Apache Cordova
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2015-5208 MEDIUM This Month

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Apache Cordova
NVD
CVSS 3.0
4.4
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy