Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10237 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. | |||||
| CVE-2016-5396 | 1 Apache | 1 Traffic Server | 2017-07-11 | 7.8 HIGH | 7.5 HIGH |
| Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | |||||
| CVE-2016-10242 | 1 Google | 1 Android | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2016-10239 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur. | |||||
| CVE-2016-10238 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. | |||||
| CVE-2017-0538 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. | |||||
| CVE-2017-0539 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300. | |||||
| CVE-2017-0180 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-07-11 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181. | |||||
| CVE-2017-0543 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. | |||||
| CVE-2017-5580 | 1 Virglrenderer Project | 1 Virglrenderer | 2017-07-11 | 2.1 LOW | 7.1 HIGH |
| The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction. | |||||
| CVE-2017-0162 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-07-11 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181. | |||||
| CVE-2017-3808 | 1 Cisco | 1 Unified Communications Manager | 2017-07-11 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455. | |||||
| CVE-2017-0163 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-07-11 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181. | |||||
| CVE-2017-0541 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. | |||||
| CVE-2017-0181 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-07-11 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180. | |||||
| CVE-2017-5659 | 1 Apache | 1 Traffic Server | 2017-07-11 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | |||||
| CVE-2016-8465 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32474971. References: B-RB#106053. | |||||
| CVE-2017-0542 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. | |||||
| CVE-2017-1194 | 1 Ibm | 1 Websphere Application Server | 2017-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | |||||
| CVE-2015-8997 | 1 Google | 1 Android | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2015-8996 | 1 Google | 1 Android | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2015-8995 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2014-9922 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | |||||
| CVE-2015-8999 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. | |||||
| CVE-2015-8998 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2014-9934 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. | |||||
| CVE-2014-9933 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | |||||
| CVE-2014-9932 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. | |||||
| CVE-2014-9931 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. | |||||
| CVE-2017-0106 | 1 Microsoft | 1 Outlook | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2017-0093 | 1 Microsoft | 1 Edge | 2017-07-11 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201. | |||||
| CVE-2017-0197 | 1 Microsoft | 1 Onenote | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." | |||||
| CVE-2017-0200 | 1 Microsoft | 1 Edge | 2017-07-11 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability." | |||||
| CVE-2017-0201 | 1 Microsoft | 1 Internet Explorer | 2017-07-11 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093. | |||||
| CVE-2017-0205 | 1 Microsoft | 1 Edge | 2017-07-11 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability." | |||||
| CVE-2017-3065 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3057 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3056 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3054 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3051 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3050 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3049 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3048 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3047 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3044 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3042 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3041 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3040 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3039 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3036 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution. | |||||