Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2016-0812

    The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows phy... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0811

    Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 7.8

    HIGH
    CVE-2016-0810

    media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining ... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0809

    Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted ap... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.2

    MEDIUM
    CVE-2016-0808

    Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that trigg... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0807

    The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0806

    The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.4

    HIGH
    CVE-2016-0805

    The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0804

    The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-0803

    libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-0802

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message... Read more

    Affected Products : android mac_os_x iphone_os tvos watchos
    • EPSS Score: %6.75
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-0801

    The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message... Read more

    Affected Products : android mac_os_x iphone_os tvos watchos
    • EPSS Score: %46.03
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1311

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.... Read more

    Affected Products : jabber_guest
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1310

    Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.... Read more

    Affected Products : opensolaris unity_connection
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-1306

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.... Read more

    Affected Products : opensolaris fog_director
    • EPSS Score: %0.25
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2015-7916

    Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.... Read more

    Affected Products : moduweb_vision moduweb_vision
    • EPSS Score: %0.16
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7915

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : moduweb_vision
    • EPSS Score: %0.76
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7914

    Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.... Read more

    Affected Products : moduweb_vision
    • EPSS Score: %0.78
    • Published: Feb. 06, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0862

    General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.... Read more

    • EPSS Score: %19.23
    • Published: Feb. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.0

    HIGH
    CVE-2016-0861

    General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : ups_snmp_web_adapter_firmware
    • EPSS Score: %10.06
    • Published: Feb. 05, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results