Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-3760

    Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 5.0

    MEDIUM
    CVE-2016-3759

    The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to read backup data via a crafted application that leverages priv-app access to insert a backup transport, aka internal bug 28406080.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3758

    Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filena... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.0

    HIGH
    CVE-2016-3757

    The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a mem... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3756

    Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) v... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3755

    decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 284701... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3754

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, ak... Read more

    Affected Products : android
    • EPSS Score: %0.73
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3753

    mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3752

    internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3751

    Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signatur... Read more

    Affected Products : android libpng
    • EPSS Score: %0.10
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3750

    libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation pr... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-3749

    server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-3748

    The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3747

    Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated b... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-3746

    Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated b... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3745

    Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obt... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-3744

    Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka i... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3743

    decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka intern... Read more

    Affected Products : android
    • EPSS Score: %0.73
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3742

    decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28... Read more

    Affected Products : android
    • EPSS Score: %0.73
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3741

    The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 2... Read more

    Affected Products : android
    • EPSS Score: %1.17
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291219 Results