Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2017-8281 | Race Condition vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | 4.7 |
| 2017-09-21 | CVE-2017-12153 | NULL Pointer Dereference vulnerability in multiple products A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. | 4.4 |
| 2017-09-21 | CVE-2017-11040 | Information Exposure vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. | 5.5 |
| 2017-09-21 | CVE-2017-11002 | Out-of-bounds Read vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. | 5.5 |
| 2017-09-21 | CVE-2017-11001 | Information Exposure vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | 5.5 |
| 2017-09-21 | CVE-2017-10996 | Information Exposure vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. | 5.5 |
| 2017-09-21 | CVE-2015-4706 | Cross-site Scripting vulnerability in Ipython 3.0.0/3.1.0 Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | 6.1 |
| 2017-09-21 | CVE-2015-3296 | Cross-site Scripting vulnerability in Nodebb Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | 6.1 |
| 2017-09-21 | CVE-2017-14634 | Divide By Zero vulnerability in multiple products In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | 6.5 |
| 2017-09-21 | CVE-2017-14633 | Out-of-bounds Read vulnerability in multiple products In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | 6.5 |