Skip to main content
CVE-2015-0569 HIGH POC This Week

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Linux Buffer Overflow Qualcomm +1
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-2439 HIGH This Week

Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2016-3105 HIGH PATCH This Week

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Authentication Bypass Debian Linux Mercurial
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-2431 HIGH PATCH This Week

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2016-2434 HIGH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-4477 HIGH This Week

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-0571 HIGH This Week

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2452 HIGH This Week

codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2435 HIGH PATCH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-0570 HIGH This Week

Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Linux Buffer Overflow Qualcomm +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2432 HIGH PATCH This Week

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2060 HIGH PATCH This Week

server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2451 HIGH PATCH This Week

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2450 HIGH PATCH This Week

codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2449 HIGH This Week

services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2448 HIGH This Week

media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2440 HIGH This Week

libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2437 HIGH PATCH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2436 HIGH PATCH This Week

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2430 HIGH This Week

libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-4476 HIGH This Week

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hostapd Wpa Supplicant Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2016-2461 HIGH PATCH This Week

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2443 HIGH PATCH This Week

The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2462 HIGH PATCH This Week

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Java Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2456 HIGH PATCH This Week

The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Privilege Escalation Mediatek Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2453 HIGH PATCH This Week

The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Privilege Escalation Mediatek Google Android One
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2446 HIGH PATCH This Week

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2444 HIGH PATCH This Week

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2442 HIGH PATCH This Week

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-2445 HIGH PATCH This Week

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Nvidia Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-2441 HIGH PATCH This Week

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy