CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4351 CVE-2016-2875 77 Exec Code 2016-08-07 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.
4352 CVE-2016-2844 20 DoS 2016-03-05 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
4353 CVE-2016-2843 DoS 2016-03-05 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
4354 CVE-2016-2842 119 DoS Overflow 2016-03-03 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
4355 CVE-2016-2834 DoS Mem. Corr. 2016-06-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
4356 CVE-2016-2807 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4357 CVE-2016-2806 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4358 CVE-2016-2805 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2017-06-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4359 CVE-2016-2804 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2017-06-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
4360 CVE-2016-2799 119 DoS Overflow 2016-03-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
4361 CVE-2016-2794 119 DoS Overflow 2016-03-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
4362 CVE-2016-2783 19 2017-01-23 2017-01-26
10.0
None Remote Low Not required Complete Complete Complete
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.
4363 CVE-2016-2554 119 DoS Overflow 2016-05-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.
4364 CVE-2016-2508 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341.
4365 CVE-2016-2507 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
4366 CVE-2016-2506 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-11
10.0
None Remote Low Not required Complete Complete Complete
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
4367 CVE-2016-2505 119 DoS Exec Code Overflow Mem. Corr. 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.
4368 CVE-2016-2503 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.
4369 CVE-2016-2502 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.
4370 CVE-2016-2501 264 +Priv 2016-07-10 2016-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.
4371 CVE-2016-2496 264 2016-06-12 2016-06-14
10.0
None Remote Low Not required Complete Complete Complete
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
4372 CVE-2016-2494 264 +Priv 2016-06-12 2016-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
4373 CVE-2016-2493 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.
4374 CVE-2016-2492 264 +Priv 2016-06-12 2016-06-16
9.3
None Remote Medium Not required Complete Complete Complete
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.
4375 CVE-2016-2491 264 +Priv 2016-06-12 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.
4376 CVE-2016-2490 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.
4377 CVE-2016-2489 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.
4378 CVE-2016-2488 264 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.
4379 CVE-2016-2487 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.
4380 CVE-2016-2486 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371.
4381 CVE-2016-2485 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793367.
4382 CVE-2016-2484 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163.
4383 CVE-2016-2483 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502.
4384 CVE-2016-2482 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27661749.
4385 CVE-2016-2481 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532497.
4386 CVE-2016-2480 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721.
4387 CVE-2016-2479 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532282.
4388 CVE-2016-2478 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409.
4389 CVE-2016-2477 20 +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096.
4390 CVE-2016-2476 119 Overflow +Priv 2016-06-12 2016-06-13
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27207275.
4391 CVE-2016-2474 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603.
4392 CVE-2016-2473 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501.
4393 CVE-2016-2472 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888.
4394 CVE-2016-2471 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27773913.
4395 CVE-2016-2470 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27662174.
4396 CVE-2016-2469 +Priv 2016-06-12 2017-08-12
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992.
4397 CVE-2016-2468 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454.
4398 CVE-2016-2467 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010.
4399 CVE-2016-2466 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307.
4400 CVE-2016-2465 +Priv 2016-06-12 2016-06-14
9.3
None Remote Medium Not required Complete Complete Complete
The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.