Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-03 | CVE-2017-15836 | Integer Overflow or Wraparound vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow. | 7.3 |
| 2018-04-03 | CVE-2017-15822 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur. | 8.8 |
| 2018-04-03 | CVE-2017-14894 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. | 7.3 |
| 2018-04-03 | CVE-2017-14890 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll(). | 7.3 |
| 2018-04-03 | CVE-2017-14880 | Race Condition vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule" does not have a mutex lock and thus can be accessed and modified by multiple threads. | 7.8 |
| 2018-04-03 | CVE-2017-11075 | Use After Free vulnerability in Google Android In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write(). | 7.8 |
| 2018-04-03 | CVE-2018-1098 | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. | 8.8 |
| 2018-04-03 | CVE-2016-7472 | Improper Input Validation vulnerability in F5 Big-Ip Application Security Manager 12.1.0/12.1.1 F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request. | 7.5 |
| 2018-04-03 | CVE-2018-0493 | Use After Free vulnerability in multiple products remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. | 7.2 |
| 2018-04-03 | CVE-2018-0492 | Race Condition vulnerability in multiple products Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | 7.0 |