Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4165 | 1 Adobe | 1 Brackets | 2016-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | |||||
| CVE-2016-1418 | 1 Cisco | 7 Aironet 1830e, Aironet 1830i, Aironet 1850e and 4 more | 2016-06-15 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. | |||||
| CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 3.5 LOW | N/A |
| Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | |||||
| CVE-2016-2495 | 1 Google | 1 Android | 2016-06-14 | 7.1 HIGH | 5.5 MEDIUM |
| SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789. | |||||
| CVE-2016-2464 | 1 Google | 1 Android | 2016-06-14 | 9.3 HIGH | 7.8 HIGH |
| libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. | |||||
| CVE-2016-2475 | 1 Google | 1 Android | 2016-06-14 | 6.8 MEDIUM | 7.8 HIGH |
| The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765. | |||||
| CVE-2013-0331 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 4.0 MEDIUM | N/A |
| Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | |||||
| CVE-2016-2486 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371. | |||||
| CVE-2016-2478 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409. | |||||
| CVE-2016-2480 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721. | |||||
| CVE-2016-2487 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616. | |||||
| CVE-2016-2477 | 1 Google | 1 Android | 2016-06-13 | 9.3 HIGH | 7.8 HIGH |
| mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096. | |||||
| CVE-2016-4368 | 1 Hp | 3 Universal Cmbd Configuration Manager, Universal Cmbd Foundation, Universal Discovery | 2016-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2015-4393 | 1 Services Project | 1 Services | 2016-06-09 | 6.0 MEDIUM | N/A |
| The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename. | |||||
| CVE-2016-4545 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2016-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake. | |||||
| CVE-2016-1403 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2016-06-07 | 7.2 HIGH | 7.8 HIGH |
| CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | |||||
| CVE-2016-3944 | 1 Lenovo | 1 Accelerator Application | 2016-06-07 | 9.3 HIGH | 7.5 HIGH |
| UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | |||||
| CVE-2005-1795 | 1 Clam Anti-virus | 1 Clamav | 2016-05-25 | 7.5 HIGH | N/A |
| The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | |||||
| CVE-2016-4782 | 2 Google, Lenovo | 2 Android, Shareit | 2016-05-25 | 9.3 HIGH | 8.8 HIGH |
| Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." | |||||
| CVE-2016-4087 | 1 Huawei | 4 S12700, S12700 Firmware, S5700 and 1 more | 2016-05-25 | 5.1 MEDIUM | 8.1 HIGH |
| Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. | |||||