Vulnerabilities (CVE)

Total 17698 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3742 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.
CVE-2016-3743 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
CVE-2016-3741 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
CVE-2016-3745 1 Google 1 Android 2016-07-11 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666.
CVE-2016-2506 1 Google 1 Android 2016-07-11 10.0 HIGH 9.8 CRITICAL
DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.
CVE-2016-0391 1 Ibm 2 Bluemix, Watson Developer Cloud 2016-07-07 7.5 HIGH 9.8 CRITICAL
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVE-2016-0224 1 Ibm 1 Marketing Platform 2016-06-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-1209 1 Ninjaforms 1 Ninja Forms 2016-06-23 7.5 HIGH 9.8 CRITICAL
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVE-2016-4819 1 Dx Library Project 1 Dx Library 2016-06-23 7.5 HIGH 9.8 CRITICAL
The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote attackers to execute arbitrary code via a crafted string.
CVE-2016-2362 1 Fonality 1 Fonality 2016-06-21 10.0 HIGH 9.8 CRITICAL
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.
CVE-2016-3642 1 Solarwinds 1 Virtualization Manager 2016-06-20 10.0 HIGH 9.8 CRITICAL
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVE-2016-5302 1 Citrix 1 Xenserver 2016-06-20 7.5 HIGH 9.8 CRITICAL
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
CVE-2016-4167 1 Adobe 1 Dng Software Development Kit 2016-06-17 7.5 HIGH 9.8 CRITICAL
Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4165 1 Adobe 1 Brackets 2016-06-17 10.0 HIGH 9.8 CRITICAL
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.
CVE-2016-5365 1 Huawei 2 Honor Ws851, Honor Ws851 Firmware 2016-06-14 10.0 HIGH 9.8 CRITICAL
Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.
CVE-2016-2496 1 Google 1 Android 2016-06-14 10.0 HIGH 9.8 CRITICAL
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
CVE-2016-2473 1 Google 1 Android 2016-06-14 9.3 HIGH 9.8 CRITICAL
The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501.
CVE-2016-4328 1 Medhost 1 Perioperative Information Management System 2016-06-10 10.0 HIGH 9.8 CRITICAL
MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server.
CVE-2016-4326 1 Chef 1 Chef Manage 2016-06-10 7.5 HIGH 9.8 CRITICAL
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
CVE-2016-4368 1 Hp 3 Universal Cmbd Configuration Manager, Universal Cmbd Foundation, Universal Discovery 2016-06-10 7.5 HIGH 9.8 CRITICAL
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.