Skip to main content
CVE-2017-11024 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11017 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9721 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9719 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9690 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Buffer Overflow Google Integer Overflow Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11085 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11035 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11029 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0865 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0864 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0863 HIGH PATCH This Week

An elevation of privilege vulnerability in the Upstream kernel video driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0842 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android system (bluetooth). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9702 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11073 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11038 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11032 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11027 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11023 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11018 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0862 HIGH PATCH This Week

An elevation of privilege vulnerability in the Upstream kernel kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0843 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ccci. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0838 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11012 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Google Memory Corruption Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-12316 HIGH This Week

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine Software
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2017-12318 HIGH This Week

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Rf Gateway 1 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-11089 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-14028 HIGH This Week

A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nport 5110 Firmware Nport 5130 Firmware Nport 5150 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-16719 HIGH This Week

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Nport 5110 Firmware Nport 5130 Firmware Nport 5150 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-0845 HIGH PATCH This Week

A denial of service vulnerability in the Android framework (syncstorageengine). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Google Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9701 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9696 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11093 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11090 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11058 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0840 HIGH PATCH This Week

An information disclosure vulnerability in the Android media framework (libstagefright). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0839 HIGH PATCH This Week

An information disclosure vulnerability in the Android media framework (libeffects). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11028 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0858 HIGH PATCH This Week

Another vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0859 HIGH PATCH This Week

Another vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0857 HIGH PATCH This Week

Another vulnerability in the Android media framework (n/a). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-0852 HIGH PATCH This Week

A denial of service vulnerability in the Android media framework (libhevc). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Denial Of Service Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-8279 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Google Race Condition Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11025 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Google Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-12305 MEDIUM This Month

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2017-12313 MEDIUM This Month

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Cisco Packet Tracer
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-12312 MEDIUM This Month

An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-16867 MEDIUM This Month

Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amazon Key Firmware
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-16866 MEDIUM PATCH This Month

dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Finecms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12304 MEDIUM This Month

A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Cisco iOS
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12323 MEDIUM This Month

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.0
6.1
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy