Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2016-2428 | libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339. | 9.8 | 2.06% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2429 | libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885. | 9.8 | 2.02% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2430 | libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236. | 7.8 | 0.41% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2431 | The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. | 7.8 | 1.78% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2432 | The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. | 7.8 | 0.39% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2434 | The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090. | 7.8 | 1.25% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2435 | The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988. | 7.8 | 0.52% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2436 | The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. | 7.8 | 0.42% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2437 | The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822. | 7.8 | 0.50% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2438 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2547, CVE-2016-2548. Reason: This candidate is a duplicate of CVE-2016-2547 and CVE-2016-2548. Notes: All CVE users should reference CVE-2016-2547 and/or CVE-2016-2548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2016-05-09 | 2023-11-06 |
| CVE-2016-2439 | Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268. | 8.8 | 0.52% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2440 | libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896. | 7.8 | 0.46% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2441 | The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602. | 7.0 | 0.43% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2442 | The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907. | 7.0 | 0.37% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2443 | The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525. | 7.0 | 0.38% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2444 | The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. | 7.0 | 0.37% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2445 | The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. | 7.0 | 0.46% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2446 | The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. | 7.0 | 0.42% | 2016-05-09 | 2026-06-16 |
| CVE-2016-2447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4477. Reason: This candidate is a reservation duplicate of CVE-2016-4477. Notes: All CVE users should reference CVE-2016-4477 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.27% | 2016-05-09 | 2023-11-06 |
| CVE-2016-2448 | media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704. | 7.8 | 0.41% | 2016-05-09 | 2026-06-16 |