Skip to main content
CVE-2017-0601 MEDIUM PATCH This Month

An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-0493 MEDIUM PATCH This Month

An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-2122 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nessus
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-4883 MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4880 MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4877 MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms Mail
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2016-4856 MEDIUM This Month

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2016-4858 MEDIUM This Month

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-0190 MEDIUM PATCH This Month

The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.4
EPSS
2.1%
CVE-2017-0627 MEDIUM PATCH This Month

An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2017-0630 MEDIUM PATCH This Month

An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2016-10294 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0634 MEDIUM PATCH This Month

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0633 MEDIUM PATCH This Month

An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Broadcom Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0632 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0631 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0629 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0628 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-10293 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-10296 MEDIUM This Month

An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-10295 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0603 MEDIUM PATCH This Month

A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Google Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-8924 MEDIUM PATCH This Month

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-8900 MEDIUM PATCH This Month

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Ubuntu Authentication Bypass Lightdm
NVD
CVSS 3.0
4.6
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy