Total
260 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9942 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | |||||
CVE-2017-13649 | 1 Unrealircd | 1 Unrealircd | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. | |||||
CVE-2017-8576 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | |||||
CVE-2017-14681 | 1 P3scan Project | 1 P3scan | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | |||||
CVE-2017-14102 | 1 Mimedefang | 1 Mimedefang | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | |||||
CVE-2017-13153 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854. | |||||
CVE-2017-12736 | 1 Siemens | 15 Ruggedcom, Ruggedcom Ros, Ruggedcom Rsl910 and 12 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions. | |||||
CVE-2017-14610 | 1 Bareos | 1 Bareos | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | |||||
CVE-2017-0723 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. | |||||
CVE-2016-6836 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 2.1 LOW | 6.0 MEDIUM |
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. | |||||
CVE-2016-9446 | 3 Fedoraproject, Gstreamer Project, Redhat | 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | |||||
CVE-2017-3820 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. | |||||
CVE-2014-4371 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-04 | 1.9 LOW | N/A |
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | |||||
CVE-2014-0178 | 1 Samba | 1 Samba | 2024-02-04 | 3.5 LOW | N/A |
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. | |||||
CVE-2011-4087 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
CVE-2012-0012 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." | |||||
CVE-2010-4343 | 2 Linux, Vmware | 2 Linux Kernel, Esx | 2024-02-04 | 4.7 MEDIUM | 5.5 MEDIUM |
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. | |||||
CVE-2011-3927 | 1 Google | 1 Chrome | 2024-02-04 | 7.5 HIGH | N/A |
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2010-4655 | 3 Canonical, Linux, Vmware | 3 Ubuntu Linux, Linux Kernel, Esx | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | |||||
CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. |