| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7372 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | ||
| CVE-2017-7371 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. | ||
| CVE-2017-7370 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | ||
| CVE-2017-7369 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. | ||
| CVE-2017-7368 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. | ||
| CVE-2017-7367 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. | ||
| CVE-2017-7365 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. | ||
| CVE-2016-10342 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | ||
| CVE-2016-10341 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. | ||
| CVE-2016-10340 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | ||
| CVE-2016-10339 | Hig | 0.46 | 7.1 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. | ||
| CVE-2016-10338 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. | ||
| CVE-2015-9033 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. | ||
| CVE-2015-9030 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. | ||
| CVE-2015-9029 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | ||
| CVE-2015-9028 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | ||
| CVE-2015-9027 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | ||
| CVE-2015-9026 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | ||
| CVE-2015-9025 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | ||
| CVE-2015-9023 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | ||
| CVE-2015-9022 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. | ||
| CVE-2015-9020 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. | ||
| CVE-2014-9967 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | ||
| CVE-2014-9966 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | ||
| CVE-2014-9965 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. | ||
| CVE-2014-9964 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. | ||
| CVE-2014-9963 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. | ||
| CVE-2014-9962 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. | ||
| CVE-2014-9961 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | ||
| CVE-2014-9960 | Hig | 0.51 | 7.8 | 0.01 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | ||
| CVE-2016-9984 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. | ||
| CVE-2017-9603 | Hig | 0.61 | 8.8 | 0.05 | Jun 13, 2017 | SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | ||
| CVE-2017-9429 | Hig | 0.60 | 8.8 | 0.03 | Jun 13, 2017 | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | ||
| CVE-2016-5391 | Hig | 0.49 | 7.5 | 0.03 | Jun 13, 2017 | libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). | ||
| CVE-2016-3704 | Hig | 0.49 | 7.5 | 0.02 | Jun 13, 2017 | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | ||
| CVE-2015-4596 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | ||
| CVE-2015-3220 | Hig | 0.42 | 7.5 | 0.03 | Jun 13, 2017 | The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). | ||
| CVE-2017-9604 | Hig | 0.49 | 7.5 | 0.01 | Jun 13, 2017 | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the… | ||
| CVE-2017-9552 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME… | ||
| CVE-2017-6692 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected… | ||
| CVE-2017-6689 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected… | ||
| CVE-2017-6688 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). | ||
| CVE-2017-6687 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability.… | ||
| CVE-2017-6686 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:… | ||
| CVE-2017-6685 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:… | ||
| CVE-2017-6684 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. | ||
| CVE-2017-6683 | Hig | 0.58 | 8.8 | 0.06 | Jun 13, 2017 | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution… | ||
| CVE-2017-6682 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | ||
| CVE-2017-6681 | Hig | 0.49 | 7.5 | 0.03 | Jun 13, 2017 | A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known… | ||
| CVE-2017-6680 | Hig | 0.49 | 7.5 | 0.01 | Jun 13, 2017 | A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0. |
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
- risk 0.51cvss 7.8epss 0.00
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
- risk 0.51cvss 7.8epss 0.00
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
- risk 0.51cvss 7.8epss 0.00
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
- risk 0.51cvss 7.8epss 0.00
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler.
- risk 0.46cvss 7.1epss 0.01
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
- risk 0.51cvss 7.8epss 0.01
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
- risk 0.57cvss 8.8epss 0.02
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.
- risk 0.61cvss 8.8epss 0.05
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
- risk 0.60cvss 8.8epss 0.03
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
- risk 0.49cvss 7.5epss 0.03
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
- risk 0.49cvss 7.5epss 0.02
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
- risk 0.51cvss 7.8epss 0.00
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
- risk 0.42cvss 7.5epss 0.03
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).
- risk 0.49cvss 7.5epss 0.01
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the…
- risk 0.51cvss 7.8epss 0.00
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability.…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.
- risk 0.58cvss 8.8epss 0.06
A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known…
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.