Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-1954

    The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote... Read more

    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1953

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/ar... Read more

    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1952

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via... Read more

    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2016-1950

    Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via craft... Read more

    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1621

    libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.6

    MEDIUM
    CVE-2016-0832

    Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0831

    The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive inf... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 6.5

    MEDIUM
    CVE-2016-0830

    btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum ... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0829

    The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attack... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-0828

    The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive inf... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0827

    Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSyst... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0826

    libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted appl... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0825

    The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.3

    MEDIUM
    CVE-2016-0824

    libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSys... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2016-0823

    The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 7.6

    HIGH
    CVE-2016-0822

    The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.5

    MEDIUM
    CVE-2016-0821

    The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-po... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0820

    The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0819

    The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 5.9

    MEDIUM
    CVE-2016-0818

    The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, whic... Read more

    Affected Products : android
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292802 Results