In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.