VYPR

CVEs

38,009 total · page 724 of 761

  • CVE-2016-2478HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…

  • CVE-2016-2477HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…

  • CVE-2016-2476HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,…

  • CVE-2016-2475HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765.

  • CVE-2016-2474HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603.

  • CVE-2016-2472HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888.

  • CVE-2016-2471HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913.

  • CVE-2016-2470HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27662174.

  • CVE-2016-2469HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992.

  • CVE-2016-2468HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454.

  • CVE-2016-2467HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010.

  • CVE-2016-2466HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307.

  • CVE-2016-2465HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865.

  • CVE-2016-2464HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.02

    libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.

  • CVE-2016-2463HigJun 13, 2016
    risk 0.55cvss 8.4epss 0.01

    Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2016-2066HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a…

  • CVE-2016-2061HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory…

  • CVE-2016-3706HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.06

    Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an…

  • CVE-2016-4494HigJun 10, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file.

  • CVE-2016-1421HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the…

  • CVE-2016-1420HigJun 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

  • CVE-2016-1419HigJun 10, 2016
    risk 0.53cvss 8.1epss 0.01

    Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.

  • CVE-2016-0910HigJun 10, 2016
    risk 0.57cvss 8.8epss 0.00

    EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.

  • CVE-2015-8268HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.03

    The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-4449HigJun 9, 2016
    risk 0.46cvss 7.1epss 0.02

    XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified…

  • CVE-2016-4447HigJun 9, 2016
    risk 0.50cvss 7.5epss 0.14

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-2150HigJun 9, 2016
    risk 0.46cvss 7.1epss 0.00

    SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

  • CVE-2016-4523HigKEVJun 9, 2016
    risk 0.63cvss 7.5epss 0.31

    The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

  • CVE-2016-4370HigJun 9, 2016
    risk 0.57cvss 8.8epss 0.02

    HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.

  • CVE-2016-3738HigJun 8, 2016
    risk 0.57cvss 8.8epss 0.02

    Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

  • CVE-2016-3708HigJun 8, 2016
    risk 0.46cvss 7.1epss 0.01

    Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder…

  • CVE-2016-2160HigJun 8, 2016
    risk 0.51cvss 8.8epss 0.04

    Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

  • CVE-2016-4369HigJun 8, 2016
    risk 0.57cvss 8.8epss 0.02

    HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-4367HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.08

    The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4365HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4364HigJun 8, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

  • CVE-2016-4362HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-4361HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.08

    HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…

  • CVE-2016-4358HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.01

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

  • CVE-2016-4357HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

  • CVE-2016-2030HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

  • CVE-2016-2028HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

  • CVE-2016-2027HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

  • CVE-2016-2026HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

  • CVE-2016-2022HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

  • CVE-2016-2021HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2020HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2019HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2017HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-1418HigJun 8, 2016
    risk 0.51cvss 7.8epss 0.00

    Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.