Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2014-8156 | Permissions, Privileges, and Access Controls vulnerability in multiple products The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. local low complexity fso-frameworkd-project fso-gsmd-project fso-usaged-project phonefsod-project CWE-264 | 7.8 |
| 2017-09-26 | CVE-2014-0997 | Data Processing Errors vulnerability in Google Android 4.1.2/4.2.2/4.4.4 WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | 7.5 |
| 2017-09-25 | CVE-2017-14734 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libbpg Project Libbpg 0.9.7 The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | 8.8 |
| 2017-09-25 | CVE-2016-5868 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | 7.0 |
| 2017-09-25 | CVE-2015-7293 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 8.8 |
| 2017-09-25 | CVE-2015-5704 | Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | 7.8 |
| 2017-09-25 | CVE-2015-5263 | Improper Certificate Validation vulnerability in Pulpproject Pulp pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | 8.1 |
| 2017-09-25 | CVE-2015-5184 | Unspecified vulnerability in Redhat AMQ and Jboss Enterprise web Server Console: CORS headers set to allow all in Red Hat AMQ. | 7.5 |
| 2017-09-25 | CVE-2015-5183 | Unspecified vulnerability in Redhat Amq, Jboss A-Mq and Jboss Enterprise web Server Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | 7.5 |
| 2017-09-25 | CVE-2015-5182 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat AMQ Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | 8.8 |