Vulnerabilities > Code
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2018-04-18 | CVE-2016-2169 | Code vulnerability in Cloudfoundry Capi-Release and Cf-Release | Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. | 5.0 |
| 2018-04-18 | CVE-2016-10481 | Code vulnerability in Qualcomm products | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs. | 10.0 |
| 2018-04-18 | CVE-2015-9213 | Code vulnerability in Qualcomm products | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder. | 5.0 |
| 2017-01-19 | CVE-2016-10075 | Code vulnerability in Tqdm Project Tqdm 4.10/4.4.1 | The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. | 4.6 |
| 2017-01-14 | CVE-2016-10142 | Code vulnerability in Ietf Ipv6 | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. | 8.6 |
| 2016-05-17 | CVE-2016-3721 | Code vulnerability in multiple products | Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. | 4.0 |
| 2016-04-08 | CVE-2015-5229 | Code vulnerability in Redhat products | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | 5.0 |
| 2016-03-06 | CVE-2016-1640 | Code vulnerability in Google Chrome | The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site. | 4.3 |
| 2016-02-15 | CVE-2016-2314 | Code vulnerability in Huawei Mt882 Firmware V200R002B022Arg | GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. | 6.3 |
| 2016-01-31 | CVE-2016-1943 | Code vulnerability in multiple products | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | 4.3 |