Skip to main content
CVE-2017-14034 HIGH POC This Week

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-13136 HIGH POC This Week

The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-13135 HIGH POC This Week

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-16777 HIGH POC This Week

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp VMware Privilege Escalation Vagrant
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15864 HIGH This Week

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-15516 HIGH PATCH This Week

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Snapcenter Server
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-16715 HIGH This Week

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2017-16853 HIGH This Week

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Opensaml Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-12350 HIGH This Week

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Umbrella Insights Virtual Appliance
NVD VulDB
CVSS 3.0
8.2
EPSS
0.0%
CVE-2017-16852 HIGH This Week

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Service Provider Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-0832 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-4931 HIGH PATCH This Week

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

VMware Information Disclosure Airwatch
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0836 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libhevc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0835 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0834 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libmpeg2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google RCE Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0833 HIGH PATCH This Week

A remote code execution vulnerability in the Android media framework (libavc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-0841 HIGH PATCH This Week

A remote code execution vulnerability in the Android system (libutils). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-4932 HIGH PATCH This Week

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google VMware Privilege Escalation Airwatch Launcher
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-16837 HIGH PATCH This Week

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Trusted Boot
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0861 HIGH PATCH This Week

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Use After Free Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0830 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android framework (device policy client). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11013 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12314 HIGH This Week

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Findit Network Discovery Utility
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11014 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1087 HIGH This Week

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Privilege Escalation Freebsd
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0866 HIGH This Week

An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Nvidia Google Tegra X1 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11092 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11015 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16834 HIGH PATCH This Week

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Pnp4Nagios
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0831 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android framework (window manager). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11026 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Linux Google Mozilla Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11091 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google Information Disclosure Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11024 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Linux Use After Free Google Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11017 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9721 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9719 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9690 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Buffer Overflow Google Integer Overflow Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11085 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11035 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11029 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0865 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0864 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0863 HIGH PATCH This Week

An elevation of privilege vulnerability in the Upstream kernel video driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0842 HIGH PATCH This Week

An elevation of privilege vulnerability in the Android system (bluetooth). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9702 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11073 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11038 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Google Mozilla Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11032 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11027 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-11023 HIGH PATCH This Week

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy