Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-06 CVE-2014-9929 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
local
low complexity
google CWE-119
7.8
2017-06-06 CVE-2014-9928 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
local
low complexity
google CWE-119
7.8
2017-06-06 CVE-2014-9927 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
local
low complexity
google CWE-119
7.8
2017-06-06 CVE-2014-9926 Use After Free vulnerability in Google Android
In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
local
low complexity
google CWE-416
7.8
2017-06-06 CVE-2014-9925 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
local
low complexity
google CWE-119
7.8
2017-06-06 CVE-2014-9924 Numeric Errors vulnerability in Google Android
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
local
low complexity
google CWE-189
7.8
2017-06-06 CVE-2014-9923 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
local
low complexity
google CWE-119
7.8
2017-06-05 CVE-2017-9444 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI.
network
low complexity
bigtreecms CWE-352
8.8
2017-06-05 CVE-2017-9443 SQL Injection vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package.
network
low complexity
bigtreecms CWE-89
8.8
2017-06-05 CVE-2017-9442 Code Injection vulnerability in Bigtreecms Bigtree CMS
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php.
network
low complexity
bigtreecms CWE-94
8.8