| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15015 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | ||
| CVE-2017-13993 | Hig | 0.51 | 7.8 | 0.02 | Oct 5, 2017 | An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file… | ||
| CVE-2017-12728 | Hig | 0.51 | 7.8 | 0.00 | Oct 5, 2017 | An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary… | ||
| CVE-2017-1000253 | Hig | 0.73 | 7.8 | 0.11 | KEV | Oct 5, 2017 | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86… | |
| CVE-2017-1000120 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2017 | [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | ||
| CVE-2017-1000119 | Hig | 0.55 | 7.2 | 0.61 | Oct 5, 2017 | October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||
| CVE-2017-1000118 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2017 | Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service | ||
| CVE-2017-1000117 | Hig | 0.66 | 8.8 | 0.78 | Oct 5, 2017 | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an… | ||
| CVE-2017-1000115 | Hig | 0.49 | 7.5 | 0.05 | Oct 5, 2017 | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | ||
| CVE-2017-1000112 | Hig | 0.50 | 7.0 | 0.21 | Oct 5, 2017 | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which… | ||
| CVE-2017-1000111 | Hig | 0.51 | 7.8 | 0.00 | Oct 5, 2017 | Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with… | ||
| CVE-2017-1000108 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2017 | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. | ||
| CVE-2017-1000107 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2017 | Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing… | ||
| CVE-2017-1000106 | Hig | 0.55 | 8.5 | 0.01 | Oct 5, 2017 | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing… | ||
| CVE-2017-1000098 | Hig | 0.42 | 7.5 | 0.02 | Oct 5, 2017 | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. | ||
| CVE-2017-1000097 | Hig | 0.42 | 7.5 | 0.01 | Oct 5, 2017 | On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. | ||
| CVE-2017-1000096 | Hig | 0.57 | 8.8 | 0.02 | Oct 5, 2017 | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular… | ||
| CVE-2017-1000093 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2017 | Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a… | ||
| CVE-2017-1000092 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2017 | Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a… | ||
| CVE-2017-1000090 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2017 | Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing… | ||
| CVE-2017-1000086 | Hig | 0.52 | 8.0 | 0.01 | Oct 5, 2017 | The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not… | ||
| CVE-2017-8048 | Hig | 0.51 | 7.8 | 0.01 | Oct 4, 2017 | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by… | ||
| CVE-2017-1541 | Hig | 0.48 | 7.3 | 0.02 | Oct 4, 2017 | A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | ||
| CVE-2017-15011 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. | ||
| CVE-2017-15010 | Hig | 0.42 | 7.5 | 0.03 | Oct 4, 2017 | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. | ||
| CVE-2017-12820 | Hig | 0.49 | 7.5 | 0.02 | Oct 4, 2017 | Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | ||
| CVE-2017-12818 | Hig | 0.49 | 7.5 | 0.02 | Oct 4, 2017 | Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | ||
| CVE-2017-12617 | Hig | 0.69 | 8.1 | 1.00 | KEV | Oct 4, 2017 | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via… | |
| CVE-2017-11122 | Hig | 0.49 | 7.5 | 0.02 | Oct 4, 2017 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. | ||
| CVE-2017-0827 | Hig | 0.51 | 7.8 | 0.00 | Oct 4, 2017 | An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872. | ||
| CVE-2017-0826 | Hig | 0.51 | 7.8 | 0.00 | Oct 4, 2017 | An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781. | ||
| CVE-2017-0825 | Hig | 0.49 | 7.5 | 0.00 | Oct 4, 2017 | An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. | ||
| CVE-2017-0823 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. | ||
| CVE-2017-0820 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433. | ||
| CVE-2017-0819 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. | ||
| CVE-2017-0818 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671. | ||
| CVE-2017-0817 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430. | ||
| CVE-2017-0814 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140. | ||
| CVE-2017-0813 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. | ||
| CVE-2017-0812 | Hig | 0.51 | 7.8 | 0.01 | Oct 4, 2017 | An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231. | ||
| CVE-2017-0811 | Hig | 0.51 | 7.8 | 0.02 | Oct 4, 2017 | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. | ||
| CVE-2017-0810 | Hig | 0.51 | 7.8 | 0.02 | Oct 4, 2017 | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066. | ||
| CVE-2017-0809 | Hig | 0.51 | 7.8 | 0.02 | Oct 4, 2017 | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128. | ||
| CVE-2017-0808 | Hig | 0.49 | 7.5 | 0.01 | Oct 4, 2017 | An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. | ||
| CVE-2017-0806 | Hig | 0.51 | 7.8 | 0.01 | Oct 4, 2017 | An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805. | ||
| CVE-2017-8018 | Hig | 0.49 | 7.5 | 0.01 | Oct 3, 2017 | EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. | ||
| CVE-2017-6090 | Hig | 0.68 | 8.8 | 0.96 | Oct 3, 2017 | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/. | ||
| CVE-2017-1569 | Hig | 0.49 | 7.5 | 0.02 | Oct 3, 2017 | IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | ||
| CVE-2017-14979 | Hig | 0.49 | 7.5 | 0.01 | Oct 3, 2017 | Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php. | ||
| CVE-2017-14848 | Hig | 0.60 | 8.8 | 0.03 | Oct 3, 2017 | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. |
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
- risk 0.51cvss 7.8epss 0.02
An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file…
- risk 0.51cvss 7.8epss 0.00
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary…
- risk 0.73cvss 7.8epss 0.11
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86…
- risk 0.57cvss 8.8epss 0.01
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
- risk 0.55cvss 7.2epss 0.61
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
- risk 0.49cvss 7.5epss 0.01
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service
- risk 0.66cvss 8.8epss 0.78
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an…
- risk 0.49cvss 7.5epss 0.05
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
- risk 0.50cvss 7.0epss 0.21
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which…
- risk 0.51cvss 7.8epss 0.00
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with…
- risk 0.49cvss 7.5epss 0.01
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
- risk 0.57cvss 8.8epss 0.01
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing…
- risk 0.55cvss 8.5epss 0.01
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing…
- risk 0.42cvss 7.5epss 0.02
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
- risk 0.42cvss 7.5epss 0.01
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
- risk 0.57cvss 8.8epss 0.02
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular…
- risk 0.57cvss 8.8epss 0.01
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a…
- risk 0.49cvss 7.5epss 0.01
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a…
- risk 0.57cvss 8.8epss 0.01
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing…
- risk 0.52cvss 8.0epss 0.01
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not…
- risk 0.51cvss 7.8epss 0.01
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by…
- risk 0.48cvss 7.3epss 0.02
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.
- risk 0.49cvss 7.5epss 0.01
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
- risk 0.42cvss 7.5epss 0.03
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
- risk 0.49cvss 7.5epss 0.02
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
- risk 0.49cvss 7.5epss 0.02
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
- risk 0.69cvss 8.1epss 1.00
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via…
- risk 0.49cvss 7.5epss 0.02
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
- risk 0.51cvss 7.8epss 0.00
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.
- risk 0.51cvss 7.8epss 0.00
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.
- risk 0.49cvss 7.5epss 0.00
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
- risk 0.49cvss 7.5epss 0.01
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.
- risk 0.51cvss 7.8epss 0.02
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
- risk 0.51cvss 7.8epss 0.02
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.
- risk 0.51cvss 7.8epss 0.02
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.
- risk 0.49cvss 7.5epss 0.01
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.
- risk 0.68cvss 8.8epss 0.96
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
- risk 0.49cvss 7.5epss 0.02
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
- risk 0.49cvss 7.5epss 0.01
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
- risk 0.60cvss 8.8epss 0.03
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.