Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9021 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | |||||
| CVE-2014-9961 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | |||||
| CVE-2016-10335 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | |||||
| CVE-2016-10333 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | |||||
| CVE-2016-10334 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||||
| CVE-2016-10042 | 1 Arcadyan | 2 Swisscom Internet-box, Swisscom Internet-box Firmware | 2017-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | |||||
| CVE-2016-4383 | 1 Hp | 1 Helion Openstack Glance | 2017-07-06 | 8.5 HIGH | 8.4 HIGH |
| The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | |||||
| CVE-2016-5414 | 1 Freeipa | 1 Freeipa | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | |||||
| CVE-2015-3840 | 1 Google | 1 Android | 2017-07-05 | 2.1 LOW | 5.5 MEDIUM |
| The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | |||||
| CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| stalin 0.11-5 allows local users to write to arbitrary files. | |||||
| CVE-2015-7898 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2016-9920 | 1 Roundcube | 1 Webmail | 2017-07-01 | 6.0 MEDIUM | 7.5 HIGH |
| steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | |||||
| CVE-2016-9190 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | |||||
| CVE-2016-3105 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |||||
| CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | |||||
| CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 7.2 HIGH | 8.8 HIGH |
| The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||||
| CVE-2016-2816 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | |||||
| CVE-2016-5801 | 1 Omnimetrix | 1 Omniview | 2017-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. | |||||
| CVE-2015-2692 | 1 Adblock | 1 Adblock | 2017-06-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | |||||