Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-04-19 CVE-2015-8778 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
network
low complexity
fedoraproject debian canonical gnu suse opensuse CWE-119
critical
9.8
2016-04-19 CVE-2015-8776 Numeric Errors vulnerability in multiple products
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
network
low complexity
suse opensuse canonical debian fedoraproject gnu CWE-189
critical
9.1
2016-04-19 CVE-2014-9761 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
network
low complexity
suse opensuse fedoraproject gnu canonical CWE-119
critical
9.8
2016-04-18 CVE-2016-1659 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
debian suse opensuse canonical google
critical
9.8
2016-04-18 CVE-2016-2419 Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
network
low complexity
google CWE-264
critical
9.8
2016-04-18 CVE-2016-2418 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1
media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.
network
low complexity
google CWE-119
critical
9.8
2016-04-18 CVE-2016-2417 Permissions, Privileges, and Access Controls vulnerability in Google Android
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
network
low complexity
google CWE-264
critical
9.8
2016-04-18 CVE-2016-2416 Permissions, Privileges, and Access Controls vulnerability in Google Android
libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permission, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via a dump request, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27046057.
network
low complexity
google CWE-264
critical
9.8
2016-04-18 CVE-2016-1503 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
network
low complexity
dhcpcd-project google CWE-119
critical
9.8
2016-04-18 CVE-2016-0841 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840.
network
low complexity
google CWE-119
critical
9.8