Skip to main content
CVE-2017-0588 HIGH PATCH This Week

A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0587 HIGH PATCH This Week

A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0596 HIGH PATCH This Week

An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0595 HIGH PATCH This Week

An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-4864 HIGH PATCH This Week

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-0594 HIGH PATCH This Week

An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0597 HIGH PATCH This Week

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10275 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8245 HIGH This Week

In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-0604 HIGH PATCH This Week

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10276 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10274 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8246 HIGH This Week

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Use After Free Google Information Disclosure Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-0593 HIGH PATCH This Week

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7484 HIGH This Week

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-0248 HIGH PATCH This Week

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Net Framework
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-5654 HIGH This Week

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ambari
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-0212 HIGH PATCH This Week

Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows. Rated high severity (CVSS 7.6).

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2017-8921 HIGH PATCH This Week

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Flightgear
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-0279 HIGH PATCH This Week

The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
2.0%
CVE-2017-0278 HIGH PATCH This Week

The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
2.0%
CVE-2017-0277 HIGH PATCH This Week

The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
2.0%
CVE-2017-2157 HIGH PATCH This Week

Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure The Public Certification Service For Individuals
NVD
CVSS 3.0
7.3
EPSS
0.2%
CVE-2017-0606 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2016-10288 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10289 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10283 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0612 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service RCE Qualcomm Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0607 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0623 HIGH PATCH This Week

An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0622 HIGH PATCH This Week

An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0621 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0614 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Qualcomm Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0613 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0611 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Qualcomm Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0610 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0609 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0608 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Google Qualcomm Memory Corruption +1
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10291 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10287 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10286 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10284 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10290 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-10285 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-0620 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Linux Kernel Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0617 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0616 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0615 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0465 HIGH PATCH This Week

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Qualcomm Google Linux Kernel +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0618 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy