Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.