CWE:
 

Topic
Date
Author
Med.
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
25.04.2017
Matt Bergin
Med.
SAP MII 15.0 Directory Traversal
17.05.2016
Dmitry Chastuhin
Med.
Infoware MapSuite Path Traversal
04.06.2014
Christian


CVEMAP Search Results

CVE
Details
Description
2017-12-05
Medium
CVE-2017-9708

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg".

 
Medium
CVE-2017-9718

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.

 
2017-11-25
Low
CVE-2017-16942

Vendor: Libsndfile project
Software: Libsndfile
 

 
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

 
2017-11-22
Medium
CVE-2017-8148

Updating...
 

 
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot.

 
2017-11-16
Medium
CVE-2017-11025

Vendor: Google
Software: Android
 

 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.

 
Medium
CVE-2017-11038

Vendor: Google
Software: Android
 

 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.

 
2017-11-07
High
CVE-2017-2898

Vendor: Meetcircle
Software: Circle with ...
 

 
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.

 
Medium
CVE-2017-16649

Vendor: Linux
Software: Linux kernel
 

 
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

 
Medium
CVE-2017-16650

Vendor: Linux
Software: Linux kernel
 

 
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

 
2017-10-27
Low
CVE-2017-5061

Vendor: Google
Software: Chrome
 

 
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

 

 


Copyright 2017, cxsecurity.com

 

Back to Top