VYPR

CVEs

100,082 total · page 1965 of 2,002

  • CVE-2016-2828HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

  • CVE-2016-2826HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.

  • CVE-2016-2824HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use…

  • CVE-2016-2821HigJun 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by…

  • CVE-2016-2819HigJun 13, 2016
    risk 0.62cvss 8.8epss 0.24

    Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

  • CVE-2016-2818HigJun 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-2815HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-2494HigJun 13, 2016
    risk 0.54cvss 7.8epss 0.02

    Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…

  • CVE-2016-2493HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.

  • CVE-2016-2492HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.

  • CVE-2016-2491HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.

  • CVE-2016-2490HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.

  • CVE-2016-2489HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.

  • CVE-2016-2488HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.

  • CVE-2016-2487HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…

  • CVE-2016-2486HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a…

  • CVE-2016-2485HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by…

  • CVE-2016-2484HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by…

  • CVE-2016-2483HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature…

  • CVE-2016-2482HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature…

  • CVE-2016-2481HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature…

  • CVE-2016-2480HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as…

  • CVE-2016-2479HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature…

  • CVE-2016-2478HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…

  • CVE-2016-2477HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…

  • CVE-2016-2476HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,…

  • CVE-2016-2475HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765.

  • CVE-2016-2474HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603.

  • CVE-2016-2472HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888.

  • CVE-2016-2471HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913.

  • CVE-2016-2470HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27662174.

  • CVE-2016-2469HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992.

  • CVE-2016-2468HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454.

  • CVE-2016-2467HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010.

  • CVE-2016-2466HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307.

  • CVE-2016-2465HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865.

  • CVE-2016-2464HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.02

    libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.

  • CVE-2016-2463HigJun 13, 2016
    risk 0.55cvss 8.4epss 0.01

    Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2016-2066HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a…

  • CVE-2016-2061HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory…

  • CVE-2016-3706HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.06

    Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an…

  • CVE-2016-4494HigJun 10, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.

  • CVE-2016-1421HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the…

  • CVE-2016-1420HigJun 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

  • CVE-2016-1419HigJun 10, 2016
    risk 0.53cvss 8.1epss 0.01

    Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.

  • CVE-2016-0910HigJun 10, 2016
    risk 0.57cvss 8.8epss 0.00

    EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.

  • CVE-2015-8268HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.03

    The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-4449HigJun 9, 2016
    risk 0.46cvss 7.1epss 0.02

    XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified…

  • CVE-2016-4447HigJun 9, 2016
    risk 0.50cvss 7.5epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-2150HigJun 9, 2016
    risk 0.46cvss 7.1epss 0.00

    SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.