Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14102 | 1 Mimedefang | 1 Mimedefang | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | |||||
| CVE-2017-13649 | 1 Unrealircd | 1 Unrealircd | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
| UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. | |||||
| CVE-2017-12847 | 1 Nagios | 1 Nagios | 2019-10-02 | 6.3 MEDIUM | 6.3 MEDIUM |
| Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | |||||
| CVE-2017-12736 | 1 Siemens | 15 Ruggedcom, Ruggedcom Ros, Ruggedcom Rsl910 and 12 more | 2019-10-02 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions. | |||||
| CVE-2017-10972 | 1 X.org | 1 Xorg-server | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | |||||
| CVE-2017-0745 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296. | |||||
| CVE-2017-0735 | 1 Google | 1 Android | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864. | |||||
| CVE-2017-0723 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. | |||||
| CVE-2019-16921 | 1 Linux | 1 Linux Kernel | 2019-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. | |||||
| CVE-2018-11949 | 1 Qualcomm | 54 Mdm9150, Mdm9150 Firmware, Mdm9206 and 51 more | 2019-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2017-18131 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2019-05-07 | 7.2 HIGH | 7.8 HIGH |
| In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. | |||||
| CVE-2014-9942 | 1 Google | 1 Android | 2017-06-09 | 9.3 HIGH | 7.8 HIGH |
| In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | |||||