Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-05 | CVE-2017-11042 | Missing Authorization vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control. | 7.8 |
| 2017-12-05 | CVE-2017-11033 | Use After Free vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer. | 7.8 |
| 2017-12-05 | CVE-2017-11031 | Use After Free vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition. | 7.5 |
| 2017-12-05 | CVE-2017-11030 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory. | 7.8 |
| 2017-12-05 | CVE-2017-11019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. | 7.8 |
| 2017-12-05 | CVE-2017-11016 | Improper Resource Shutdown or Release vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared. | 7.8 |
| 2017-12-05 | CVE-2017-16857 | Race Condition vulnerability in Atlassian Bitbucket Auto Unapprove Plugin It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. | 8.5 |
| 2017-12-05 | CVE-2016-1255 | Link Following vulnerability in Debian Postgresql-Common The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | 7.8 |
| 2017-12-05 | CVE-2016-1254 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | 7.5 |
| 2017-12-05 | CVE-2017-8824 | Use After Free vulnerability in Linux Kernel The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. | 7.8 |