CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9888 | medium | 5.5 | 5.5 | 10y ago | An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently caus… | |||
| CVE-2016-9191 | medium | 5.5 | 5.5 | 10y ago | The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a… | |||
| CVE-2016-9178 | medium | 5.5 | 5.5 | 10y ago | The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information… | |||
| CVE-2016-8650 | medium | 5.5 | 5.5 | 10y ago | The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memo… | |||
| CVE-2016-8646 | medium | 5.5 | 5.5 | 10y ago | The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a… | |||
| CVE-2016-8645 | medium | 5.5 | 5.5 | 10y ago | The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system call… | |||
| CVE-2016-8630 | medium | 5.5 | 5.5 | 10y ago | The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a Mo… | |||
| CVE-2016-6753 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-05 could enable a local malicious applic… | |||
| CVE-2016-6752 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6751 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6750 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6749 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6748 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-6747 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High du… | |||
| CVE-2016-6746 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is… | |||
| CVE-2016-6724 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a loc… | |||
| CVE-2016-6721 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission l… | |||
| CVE-2016-6719 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a… | |||
| CVE-2016-6718 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user inter… | |||
| CVE-2016-6716 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the u… | |||
| CVE-2016-6715 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local… | |||
| CVE-2016-6714 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or r… | |||
| CVE-2016-6713 | medium | 5.5 | 5.5 | 10y ago | A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or r… | |||
| CVE-2016-6710 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious appl… | |||
| CVE-2016-6708 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is … | |||
| CVE-2016-6698 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-3907 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-3906 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local m… | |||
| CVE-2016-5967 | medium | 5.5 | 5.5 | 10y ago | The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. | |||
| CVE-2016-9567 | medium | 5.5 | 5.5 | 10y ago | The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exp… | |||
| CVE-2016-6459 | medium | 5.5 | 5.5 | 10y ago | Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: C… | |||
| CVE-2016-7916 | medium | 5.5 | 5.5 | 10y ago | Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file … | |||
| CVE-2016-7915 | medium | 5.5 | 5.5 | 10y ago | The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of ser… | |||
| CVE-2016-7914 | medium | 5.5 | 5.5 | 10y ago | The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive informat… | |||
| CVE-2016-9318 | medium | 5.5 | 5.5 | 10y ago | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, … | |||
| CVE-2016-7244 | medium | 5.5 | 5.5 | 10y ago | Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | |||
| CVE-2016-4961 | medium | 5.5 | 5.5 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA W… | |||
| CVE-2016-9189 | medium | 5.5 | 5.5 | 10y ago | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_… | |||
| CVE-2016-4025 | medium | 5.5 | 5.5 | 10y ago | Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Prote… | |||
| CVE-2016-5608 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a … | |||
| CVE-2016-5576 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones. | |||
| CVE-2016-5517 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities. | |||
| CVE-2016-5505 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. | |||
| CVE-2016-5486 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Ser… | |||
| CVE-2016-8660 | medium | 5.5 | 5.5 | 10y ago | The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related … | |||
| CVE-2016-6327 | medium | 5.5 | 5.5 | 10y ago | drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to ab… | |||
| CVE-2016-3263 | medium | 5.5 | 5.5 | 10y ago | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10… | |||
| CVE-2016-3262 | medium | 5.5 | 5.5 | 10y ago | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10… | |||
| CVE-2016-7796 | medium | 5.5 | 5.5 | 10y ago | The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be r… | |||
| CVE-2016-7795 | medium | 5.5 | 5.5 | 10y ago | denial of service in systemd | |||
| CVE-2016-3638 | medium | 5.5 | 5.5 | 10y ago | SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | |||
| CVE-2016-8100 | medium | 5.5 | 5.5 | 10y ago | Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack. | |||
| CVE-2016-6690 | medium | 5.5 | 5.5 | 10y ago | The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted appl… | |||
| CVE-2016-6688 | medium | 5.5 | 5.5 | 10y ago | The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080. | |||
| CVE-2016-6687 | medium | 5.5 | 5.5 | 10y ago | The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222. | |||
| CVE-2016-6686 | medium | 5.5 | 5.5 | 10y ago | The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101. | |||
| CVE-2016-6685 | medium | 5.5 | 5.5 | 10y ago | The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628. | |||
| CVE-2016-6684 | medium | 5.5 | 5.5 | 10y ago | The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted applicat… | |||
| CVE-2016-6683 | medium | 5.5 | 5.5 | 10y ago | The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283. | |||
| CVE-2016-6682 | medium | 5.5 | 5.5 | 10y ago | drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which all… | |||
| CVE-2016-6681 | medium | 5.5 | 5.5 | 10y ago | drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which all… | |||
| CVE-2016-6679 | medium | 5.5 | 5.5 | 10y ago | CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted applicatio… | |||
| CVE-2016-6678 | medium | 5.5 | 5.5 | 10y ago | The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434. | |||
| CVE-2016-6677 | medium | 5.5 | 5.5 | 10y ago | The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955. | |||
| CVE-2016-3925 | medium | 5.5 | 5.5 | 10y ago | server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka interna… | |||
| CVE-2016-3924 | medium | 5.5 | 5.5 | 10y ago | services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET… | |||
| CVE-2016-3923 | medium | 5.5 | 5.5 | 10y ago | The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application,… | |||
| CVE-2016-3920 | medium | 5.5 | 5.5 | 10y ago | id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (… | |||
| CVE-2016-3918 | medium | 5.5 | 5.5 | 10y ago | email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain … | |||
| CVE-2016-3908 | medium | 5.5 | 5.5 | 10y ago | The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application… | |||
| CVE-2016-3902 | medium | 5.5 | 5.5 | 10y ago | drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted applicatio… | |||
| CVE-2016-3860 | medium | 5.5 | 5.5 | 10y ago | sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via… | |||
| CVE-2016-7424 | medium | 5.5 | 5.5 | 10y ago | The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 fil… | |||
| CVE-2016-6494 | medium | 5.5 | 5.5 | 10y ago | The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | |||
| CVE-2016-1372 | medium | 5.5 | 5.5 | 10y ago | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | |||
| CVE-2016-1371 | medium | 5.5 | 5.5 | 10y ago | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | |||
| CVE-2016-0617 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. | |||
| CVE-2016-8279 | medium | 5.5 | 5.5 | 10y ago | The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 … | |||
| CVE-2016-4771 | medium | 5.5 | 5.5 | 10y ago | The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. | |||
| CVE-2016-4755 | medium | 5.5 | 5.5 | 10y ago | Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2016-4752 | medium | 5.5 | 5.5 | 10y ago | The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering… | |||
| CVE-2016-4742 | medium | 5.5 | 5.5 | 10y ago | NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | |||
| CVE-2016-4706 | medium | 5.5 | 5.5 | 10y ago | cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2016-6265 | medium | 5.5 | 5.5 | 10y ago | Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||
| CVE-2016-7166 | medium | 5.5 | 5.5 | 10y ago | libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip… | |||
| CVE-2016-4719 | medium | 5.5 | 5.5 | 10y ago | The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted a… | |||
| CVE-2016-5927 | medium | 5.5 | 5.5 | 10y ago | IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is config… | |||
| CVE-2016-3899 | medium | 5.5 | 5.5 | 10y ago | OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer… | |||
| CVE-2016-3898 | medium | 5.5 | 5.5 | 10y ago | Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionalit… | |||
| CVE-2016-3897 | medium | 5.5 | 5.5 | 10y ago | The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the… | |||
| CVE-2016-3896 | medium | 5.5 | 5.5 | 10y ago | AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted appli… | |||
| CVE-2016-3895 | medium | 5.5 | 5.5 | 10y ago | Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via… | |||
| CVE-2016-3894 | medium | 5.5 | 5.5 | 10y ago | The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm i… | |||
| CVE-2016-3893 | medium | 5.5 | 5.5 | 10y ago | The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allo… | |||
| CVE-2016-3892 | medium | 5.5 | 5.5 | 10y ago | The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 a… | |||
| CVE-2016-3884 | medium | 5.5 | 5.5 | 10y ago | server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass i… | |||
| CVE-2016-3883 | medium | 5.5 | 5.5 | 10y ago | internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct wa… | |||
| CVE-2016-3881 | medium | 5.5 | 5.5 | 10y ago | The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09… | |||
| CVE-2016-3880 | medium | 5.5 | 5.5 | 10y ago | Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2… | |||
| CVE-2016-3879 | medium | 5.5 | 5.5 | 10y ago | arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL … |