Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9817 | 1 Xen | 1 Xen | 2017-07-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | |||||
| CVE-2016-9816 | 1 Xen | 1 Xen | 2017-07-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | |||||
| CVE-2016-9815 | 1 Xen | 1 Xen | 2017-07-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||||
| CVE-2016-9378 | 1 Xen | 1 Xen | 2017-07-28 | 2.1 LOW | 5.5 MEDIUM |
| Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. | |||||
| CVE-2016-8418 | 1 Google | 1 Android | 2017-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. | |||||
| CVE-2016-9245 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2017-07-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. | |||||
| CVE-2016-8032 | 1 Mcafee | 1 Anti-malware Scan Engine | 2017-07-12 | 4.4 MEDIUM | 7.3 HIGH |
| Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | |||||
| CVE-2016-5551 | 1 Oracle | 1 Solaris Cluster | 2017-07-11 | 1.9 LOW | 2.8 LOW |
| Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2016-10237 | 1 Google | 1 Android | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. | |||||
| CVE-2016-10335 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | |||||
| CVE-2016-10334 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||||
| CVE-2016-10333 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | |||||
| CVE-2015-9029 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | |||||
| CVE-2015-9024 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | |||||
| CVE-2015-9021 | 1 Google | 1 Android | 2017-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | |||||
| CVE-2014-9961 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | |||||
| CVE-2016-10042 | 1 Arcadyan | 2 Swisscom Internet-box, Swisscom Internet-box Firmware | 2017-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | |||||
| CVE-2016-4383 | 1 Hp | 1 Helion Openstack Glance | 2017-07-06 | 8.5 HIGH | 8.4 HIGH |
| The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | |||||
| CVE-2016-5414 | 1 Freeipa | 1 Freeipa | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | |||||
| CVE-2015-3840 | 1 Google | 1 Android | 2017-07-05 | 2.1 LOW | 5.5 MEDIUM |
| The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | |||||