Total
275 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-13153 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854. | |||||
CVE-2017-12736 | 1 Siemens | 15 Ruggedcom, Ruggedcom Ros, Ruggedcom Rsl910 and 12 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions. | |||||
CVE-2017-14610 | 1 Bareos | 1 Bareos | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | |||||
CVE-2017-0723 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. | |||||
CVE-2016-6836 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 2.1 LOW | 6.0 MEDIUM |
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. | |||||
CVE-2016-9446 | 3 Fedoraproject, Gstreamer Project, Redhat | 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | |||||
CVE-2017-3820 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. | |||||
CVE-2014-4371 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-04 | 1.9 LOW | N/A |
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | |||||
CVE-2014-0178 | 1 Samba | 1 Samba | 2024-02-04 | 3.5 LOW | N/A |
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. | |||||
CVE-2011-4087 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
CVE-2012-0012 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." | |||||
CVE-2010-4343 | 2 Linux, Vmware | 2 Linux Kernel, Esx | 2024-02-04 | 4.7 MEDIUM | 5.5 MEDIUM |
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. | |||||
CVE-2011-3927 | 1 Google | 1 Chrome | 2024-02-04 | 7.5 HIGH | N/A |
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2010-4655 | 3 Canonical, Linux, Vmware | 3 Ubuntu Linux, Linux Kernel, Esx | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | |||||
CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. |