Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-10 | CVE-2017-11048 | Use After Free vulnerability in Google Android 8.0 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. | 7.8 |
| 2017-10-10 | CVE-2017-11046 | Out-of-bounds Write vulnerability in Google Android 8.0 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur. | 7.8 |
| 2017-10-10 | CVE-2015-8239 | Race Condition vulnerability in Sudo Project Sudo The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | 7.0 |
| 2017-10-10 | CVE-2015-7503 | Key Management Errors vulnerability in Zend Framework Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. | 7.5 |
| 2017-10-10 | CVE-2015-7384 | Resource Exhaustion vulnerability in Nodejs Node.Js 4.0.0/4.1.0/4.1.1 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | 7.5 |
| 2017-10-10 | CVE-2015-5675 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.1/9.3 The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | 7.8 |
| 2017-10-10 | CVE-2015-5639 | Improper Certificate Validation vulnerability in Dwango Niconico 6.37 niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | 7.4 |
| 2017-10-10 | CVE-2015-2988 | Improper Certificate Validation vulnerability in Rakutencard Rakuten Card Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | 7.4 |
| 2017-10-10 | CVE-2015-2856 | Path Traversal vulnerability in Accellion File Transfer Appliance Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-10-10 | CVE-2017-14943 | Information Exposure vulnerability in Trapezegroup Transitmaster Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. | 7.5 |