Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-10 CVE-2017-11048 Use After Free vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.
local
low complexity
google CWE-416
7.8
2017-10-10 CVE-2017-11046 Out-of-bounds Write vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur.
local
low complexity
google CWE-787
7.8
2017-10-10 CVE-2015-8239 Race Condition vulnerability in Sudo Project Sudo
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
local
high complexity
sudo-project CWE-362
7.0
2017-10-10 CVE-2015-7503 Key Management Errors vulnerability in Zend Framework
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
network
low complexity
zend CWE-320
7.5
2017-10-10 CVE-2015-7384 Resource Exhaustion vulnerability in Nodejs Node.js 4.0.0/4.1.0/4.1.1
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
network
low complexity
nodejs CWE-400
7.5
2017-10-10 CVE-2015-5675 Permissions, Privileges, and Access Controls vulnerability in FreeBSD 10.1/9.3
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
local
low complexity
freebsd CWE-264
7.8
2017-10-10 CVE-2015-5639 Improper Certificate Validation vulnerability in Dwango Niconico 6.37
niconico App for iOS before 6.38 does not verify SSL certificates, which could allow remote attackers to execute man-in-the-middle attacks.
network
high complexity
dwango CWE-295
7.4
2017-10-10 CVE-2015-2988 Improper Certificate Validation vulnerability in Rakutencard Rakuten Card
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates, which might allow remote attackers to execute man-in-the-middle attacks.
network
high complexity
rakutencard CWE-295
7.4
2017-10-10 CVE-2015-2856 Path Traversal vulnerability in Accellion File Transfer Appliance
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a ..
network
low complexity
accellion CWE-22
7.5
2017-10-10 CVE-2017-14943 Information Exposure vulnerability in Trapezegroup Transitmaster
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber.
network
low complexity
trapezegroup CWE-200
7.5