Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2016-2421

    Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2420

    rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2419

    media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection... Read more

    Affected Products : android
    • EPSS Score: %0.20
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2418

    media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mec... Read more

    Affected Products : android
    • EPSS Score: %0.20
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2417

    media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memor... Read more

    Affected Products : android
    • EPSS Score: %13.16
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2416

    libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive informatio... Read more

    Affected Products : android
    • EPSS Score: %0.29
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.1

    HIGH
    CVE-2016-2415

    exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sensitive information via a crafted application that trigge... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2016-2414

    The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) v... Read more

    Affected Products : android
    • EPSS Score: %0.50
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2413

    media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2412

    include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2411

    A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-2410

    A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677.... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2409

    A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1503

    dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of servic... Read more

    Affected Products : android dhcpcd
    • EPSS Score: %7.14
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0850

    The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0849

    Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or S... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0848

    Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, ... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0847

    The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0846

    libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted applic... Read more

    Affected Products : android
    • EPSS Score: %0.41
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0844

    The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292118 Results