Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8237 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.
CVE-2017-8241 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.
CVE-2017-7373 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
CVE-2017-7372 1 Google 1 Android 2017-07-08 7.6 HIGH 7.0 HIGH
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
CVE-2017-6707 1 Cisco 1 Staros 2017-07-08 7.2 HIGH 8.2 HIGH
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.
CVE-2017-6652 1 Cisco 1 Telepresence Ix5000 2017-07-08 5.0 MEDIUM 7.5 HIGH
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325.
CVE-2017-6651 1 Cisco 1 Webex Meetings Server 2017-07-08 5.0 MEDIUM 7.5 HIGH
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.
CVE-2017-6621 1 Cisco 1 Prime Collaboration Provisioning 2017-07-08 5.0 MEDIUM 7.5 HIGH
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.
CVE-2017-3087 1 Adobe 1 Captivate 2017-07-08 5.0 MEDIUM 7.5 HIGH
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
CVE-2017-3067 1 Adobe 1 Experience Manager Forms 2017-07-08 5.0 MEDIUM 7.5 HIGH
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.
CVE-2017-2548 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2526 1 Apple 2 Iphone Os, Safari 2017-07-08 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-2498 1 Apple 1 Iphone Os 2017-07-08 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
CVE-2017-2496 1 Apple 2 Iphone Os, Safari 2017-07-08 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-2494 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-0228 1 Microsoft 2 Edge, Internet Explorer 2017-07-08 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
CVE-2016-9251 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2017-07-08 6.5 MEDIUM 8.8 HIGH
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
CVE-2016-9253 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2017-07-08 5.0 MEDIUM 7.5 HIGH
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
CVE-2017-0236 1 Microsoft 1 Edge 2017-07-08 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.
CVE-2017-0234 1 Microsoft 1 Edge 2017-07-08 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
CVE-2016-8209 1 Brocade 19 Netiron Cer 2024c-4x-rt, Netiron Cer 2024f-4x-rt, Netiron Cer 2024f-rt and 16 more 2017-07-08 5.0 MEDIUM 7.5 HIGH
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0637 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500.
CVE-2014-9960 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
CVE-2014-9961 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
CVE-2014-9962 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
CVE-2014-9963 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
CVE-2017-0254 1 Microsoft 7 Office, Office Compatibility Pack, Office Web Apps and 4 more 2017-07-08 9.3 HIGH 7.8 HIGH
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
CVE-2017-0240 1 Microsoft 1 Edge 2017-07-08 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.
CVE-2017-2506 1 Apple 2 Iphone Os, Safari 2017-07-08 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-6712 1 Cisco 1 Elastic Services Controller 2017-07-08 9.0 HIGH 8.8 HIGH
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634.
CVE-2017-4014 1 Mcafee 1 Network Data Loss Prevention 2017-07-08 6.0 MEDIUM 8.0 HIGH
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.
CVE-2017-2544 1 Apple 2 Iphone Os, Safari 2017-07-08 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-7901 1 Rockwellautomation 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more 2017-07-08 9.0 HIGH 8.6 HIGH
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.
CVE-2017-6977 1 Apple 1 Mac Os X 2017-07-08 6.8 MEDIUM 8.6 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2546 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2541 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2503 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2539 1 Apple 2 Iphone Os, Safari 2017-07-08 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-2537 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2512 1 Apple 1 Mac Os X 2017-07-08 6.8 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7367 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
CVE-2017-6985 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2545 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2543 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2542 1 Apple 1 Mac Os X 2017-07-08 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-6986 1 Apple 1 Mac Os X 2017-07-08 6.8 MEDIUM 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-9023 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
CVE-2015-9027 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
CVE-2015-9026 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
CVE-2015-9028 1 Google 1 Android 2017-07-08 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine.