Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-3897

    The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows at... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3896

    AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3895

    Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3894

    The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033.... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3893

    The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwdep.c in the Qualcomm sound codec in Android before 2016-09-05 on Nexus 6P devices does not properly copy firmware data, which allows attackers to obtain sensitive information via a craft... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3892

    The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28760543 and Qualcomm internal bug CR1024197.... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-3890

    The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafte... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-3889

    Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Setting... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2016-3888

    internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3887

    providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-3886

    systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka interna... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3885

    debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privilege... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3884

    server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted appli... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-3883

    internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attacker... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-3881

    The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service... Read more

    Affected Products : android
    • EPSS Score: %0.40
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-3880

    Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of se... Read more

    Affected Products : android
    • EPSS Score: %0.48
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-3879

    arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a cr... Read more

    Affected Products : android
    • EPSS Score: %0.41
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-3878

    decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.... Read more

    Affected Products : android
    • EPSS Score: %0.41
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3877

    Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.2

    HIGH
    CVE-2016-3876

    providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291722 Results