Skip to main content
CVE-2014-9961 HIGH This Week

In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-4596 HIGH This Week

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Mouse Suite
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8238 HIGH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8237 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8236 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8241 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8234 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8233 HIGH PATCH This Week

In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7373 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7371 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google Information Disclosure Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7367 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7365 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9552 HIGH This Week

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Synology Information Disclosure Photo Station
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5391 HIGH PATCH This Week

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libreswan Fedora
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-3220 HIGH PATCH This Week

The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Python Tlslite
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-3704 HIGH PATCH This Week

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Fedora Pulp
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6671 HIGH This Week

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6680 HIGH This Week

A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-4972 HIGH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-4994 HIGH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Bosh Cloud Foundry Cf Cloud Foundry Uaa
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6674 HIGH This Week

A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firesight System
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-4975 HIGH This Week

An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pcf Tile Generator
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-9604 HIGH PATCH This Week

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kmail Messagelib
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-4991 HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2016-10339 HIGH This Week

In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-7370 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google Information Disclosure Memory Corruption +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-9022 HIGH This Week

In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-9966 HIGH This Week

In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-7372 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Google Linux Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-7368 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-4974 MEDIUM PATCH This Month

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cf Release Cloud Foundry Uaa Bosh Cloud Foundry Uaa
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-6655 MEDIUM This Month

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Mds 9000 Nx Os Nx Os For Nexus 5500 Platform Switches +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-8219 MEDIUM This Month

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Capi Release Cf Release
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2017-6673 MEDIUM This Month

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6691 MEDIUM This Month

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6697 MEDIUM This Month

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-4965 MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2017-4967 MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2017-6661 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Content Security Management Appliance Email Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6670 MEDIUM This Month

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6675 MEDIUM This Month

A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Industrial Network Director
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6656 MEDIUM This Month

A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Ip Phone 8800 Series
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2017-6666 MEDIUM This Month

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2017-4970 MEDIUM This Month

An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cf Release Staticfile Buildpack
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-8242 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-10332 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8239 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9605 MEDIUM PATCH This Month

The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10337 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-10336 MEDIUM This Month

In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy