Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-0872 |
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. Published: December 06, 2017; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-0871 |
An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159. Published: December 06, 2017; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-0870 |
An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807. Published: December 06, 2017; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-0837 |
An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921. Published: December 06, 2017; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-17383 |
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. Published: December 06, 2017; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.7 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17069 |
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. Published: December 06, 2017; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-17434 |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. Published: December 05, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-17433 |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. Published: December 05, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2017-17432 |
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. Published: December 05, 2017; 7:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2017-14374 |
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). Published: December 05, 2017; 7:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-15868 |
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. Published: December 05, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-14018 |
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability. Published: December 05, 2017; 6:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.3 LOW |
CVE-2017-4920 |
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. Published: December 05, 2017; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 7.1 HIGH |
CVE-2017-17431 |
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. Published: December 05, 2017; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14355 |
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. Published: December 05, 2017; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-9716 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications. Published: December 05, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-6211 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur. Published: December 05, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-14918 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur. Published: December 05, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-14917 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. Published: December 05, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-14916 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. Published: December 05, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |