Vulnerabilities > Code

DATE CVE VULNERABILITY TITLE RISK
2018-04-18 CVE-2016-2169 Code vulnerability in Cloudfoundry Capi-Release and Cf-Release
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw.
network
low complexity
cloudfoundry CWE-17
5.3
2018-04-18 CVE-2016-10481 Code vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.
network
low complexity
qualcomm CWE-17
critical
9.8
2018-04-18 CVE-2015-9213 Code vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder.
network
low complexity
qualcomm CWE-17
7.5
2017-01-19 CVE-2016-10075 Code vulnerability in Tqdm Project Tqdm 4.10/4.4.1
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
local
low complexity
tqdm-project CWE-17
7.8
2017-01-14 CVE-2016-10142 Code vulnerability in Ietf Ipv6
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.
network
low complexity
ietf CWE-17
8.6
2016-05-17 CVE-2016-3721 Code vulnerability in multiple products
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
network
low complexity
redhat jenkins CWE-17
6.5
2016-04-08 CVE-2015-5229 Code vulnerability in Redhat products
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
network
low complexity
redhat CWE-17
7.5
2016-03-06 CVE-2016-1640 Code vulnerability in Google Chrome
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
network
low complexity
google CWE-17
4.3
2016-02-15 CVE-2016-2314 Code vulnerability in Huawei Mt882 Firmware V200R002B022Arg
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.
network
low complexity
huawei CWE-17
4.9
2016-01-31 CVE-2016-1943 Code vulnerability in multiple products
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
network
low complexity
opensuse mozilla google CWE-17
4.7