Skip to main content
CVE-2015-0576 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-8270 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8266 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8265 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-9684 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8262 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8267 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-10811 MEDIUM This Month

Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wcr 1166Ds Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2015-1878 MEDIUM This Month

Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nshield Connect Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-12957 MEDIUM This Month

There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-12956 MEDIUM This Month

There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Exiv2
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-12927 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-5057 MEDIUM This Month

Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Broken Link Checker
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-9816 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12948 MEDIUM This Month

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Pressforward
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1501 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2017-12859 MEDIUM PATCH This Month

NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Data Ontap
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-8254 MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0687 MEDIUM PATCH This Month

A denial of service vulnerability in the Android media framework (libavc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-8445 MEDIUM This Month

An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure X Pack
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1338 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Doors Next Generation Rational Requirements Composer
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-12882 MEDIUM PATCH This Month

Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Java File Upload Spring Batch Admin
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-8446 MEDIUM PATCH This Month

The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure X Pack X Pack Reporting
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-9682 MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
4.7
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy