Lucene search
+L

146 matches found

threatpost
threatpost
added 2016/09/09 2:6 p.m.10 views

Patched Android Libutils Vulnerability Harkens Back to Stagefright

This week’s Android Security Bulletin patched a calamity of vulnerabilities that threatened almost every device in circulation and illustrated the fragility of the Android ecosystem. The bulletin addressed more than 50 vulnerabilities, including nine rated critical by Google because of the...

8.3AI score
Exploits0References8
threatpost
threatpost
added 2016/09/07 9:0 a.m.23 views

Google Shuts Down Potentially Massive Android Bug

The Android ecosystem may have dodged another Stagefright-type of vulnerability. Google’s monthly Android Security Bulletin released on Tuesday not only patched the remaining Quadrooter vulnerabilities, but also fixed another wide-ranging flaw that could allow an attacker to easily compromise—or ...

9.3CVSS8AI score0.01559EPSS
Exploits0References3
osv
osv
added 2016/08/05 8:59 p.m.3 views

CVE-2016-3830

codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service device hang or reboot via crafted ADTS data, aka internal bug 29153599...

5.5CVSS7.3AI score0.00574EPSS
Exploits0References3
osv
osv
added 2016/08/05 8:59 p.m.5 views

CVE-2016-3827

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28816956...

5.5CVSS7.3AI score0.00574EPSS
Exploits0References3
threatpost
threatpost
added 2016/08/04 6:5 p.m.28 views

How Bugs Lead to a Better Android

Google is used to taking a beating over Android vulnerabilities, but it says too often its hard work fixing vulnerabilities and keeping the platform safe goes unnoticed. “Over the seven years working on Android security vulnerabilities I’ve seen a lot of bugs and a lot of fear uncertainty and...

5.8CVSS7.4AI score0.00674EPSS
Exploits0References4
myhack58
myhack58
added 2016/07/25 12:0 a.m.11 views

Apple's operating system exposed new vulnerabilities in addition to the latest version without immune-vulnerability warning-the black bar safety net

Security researchers recently discovered that Appleoperating systemthere is a huge security vulnerability. Hackers only need to know your phone number, you can use this security vulnerability to steal the user's password. ! IDG according to foreign media reports, security researchers recently...

6.5AI score
Exploits0
osv
osv
added 2016/07/11 1:59 a.m.3 views

UBUNTU-CVE-2016-2506

DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

9.8CVSS7.7AI score0.01666EPSS
Exploits0References3
nessus
nessus
added 2016/06/24 12:0 a.m.39 views

Mozilla Firefox ESR 45.x < 45.1 Multiple Vulnerabilities

Binary data 9379.prm...

10CVSS8.5AI score0.04692EPSS
Exploits0References8
threatpost
threatpost
added 2016/06/17 2:40 p.m.11 views

Google's Android Rewards Program Pays Out Half Million in First Year

Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers ...

7.6AI score
Exploits0References5
bdu_fstec
bdu_fstec
added 2016/06/17 12:0 a.m.6 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the libstagefright component in the Android operating system’s media server is related to the lack of checks on the size of OMX buffers for GSM and G711 decoders. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created...

9.3CVSS7.2AI score0.00419EPSS
Exploits0References3Affected Software1
osv
osv
added 2016/06/13 1:59 a.m.4 views

UBUNTU-CVE-2016-2495

SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service device hang or reboot via a crafted file, aka internal bug 28076789...

5.5CVSS6.5AI score0.00616EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2016/05/12 12:0 a.m.9 views

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of the stagefright::SampleTable::parseSampleCencInfo function in the libstagefright component of Firefox and Firefox ESR browsers is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating CENC...

6.8CVSS8.3AI score0.0378EPSS
Exploits0References3Affected Software2
threatpost
threatpost
added 2016/05/10 12:5 p.m.12 views

FCC, FTC Investigate Mobile Security Update Practices

The glowing lack of public, real-world Stagefright exploits didn’t stop the U.S. government from using last summer’s blockbuster Android vulnerability as an illustration of the dangers facing mobile device users. Under the context of Stagefright exposing up to 1 billion devices to attack, the...

0.1AI score
Exploits0References6
thn
thn
added 2016/05/09 11:8 p.m.9 views

FCC takes initiative to Speed Up Mobile Security Updates

In Brief The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible. The...

6.9AI score
Exploits0
osv
osv
added 2016/05/09 10:59 a.m.6 views

UBUNTU-CVE-2016-2450

codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

7.8CVSS7.3AI score0.00419EPSS
Exploits0References4
threatpost
threatpost
added 2016/05/02 2:0 p.m.53 views

Google Patches More Trouble in Mediaserver

Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...

10CVSS1.4AI score0.0206EPSS
Exploits0References4
osv
osv
added 2016/04/30 5:59 p.m.4 views

DEBIAN-CVE-2016-2814

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to...

8.8CVSS8.2AI score0.0378EPSS
Exploits0References1
nessus
nessus
added 2016/04/29 12:0 a.m.34 views

Firefox ESR 45.x < 45.1 Multiple Vulnerabilities

The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.1. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. CVE-2016-2806,...

10CVSS7.8AI score0.04692EPSS
Exploits0References7
nessus
nessus
added 2016/04/29 12:0 a.m.45 views

Firefox ESR < 38.8 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR installed on the remote Mac OS X host is prior to 38.8. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. CVE-2016-2805, CVE-2016-280...

10CVSS7.7AI score0.04692EPSS
Exploits0References7
nessus
nessus
added 2016/04/29 12:0 a.m.44 views

Firefox ESR < 38.8 Multiple Vulnerabilities

The version of Firefox ESR installed on the remote Windows host is prior to 38.8. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. CVE-2016-2805, CVE-2016-2807...

10CVSS7.8AI score0.04692EPSS
Exploits0References7
Rows per page
Query Builder