Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-21 CVE-2017-8281 Race Condition vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.
local
high complexity
google CWE-362
4.7
2017-09-21 CVE-2017-12153 NULL Pointer Dereference vulnerability in multiple products
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3.
local
low complexity
linux debian canonical CWE-476
4.4
2017-09-21 CVE-2017-11040 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to.
local
low complexity
google CWE-200
5.5
2017-09-21 CVE-2017-11002 Out-of-bounds Read vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.
local
low complexity
google CWE-125
5.5
2017-09-21 CVE-2017-11001 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.
local
low complexity
google CWE-200
5.5
2017-09-21 CVE-2017-10996 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated.
local
low complexity
google CWE-200
5.5
2017-09-21 CVE-2015-4706 Cross-site Scripting vulnerability in Ipython 3.0.0/3.1.0
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
network
low complexity
ipython CWE-79
6.1
2017-09-21 CVE-2015-3296 Cross-site Scripting vulnerability in Nodebb
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
network
low complexity
nodebb CWE-79
6.1
2017-09-21 CVE-2017-14634 Divide By Zero vulnerability in multiple products
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
network
low complexity
libsndfile-project debian CWE-369
6.5
2017-09-21 CVE-2017-14633 Out-of-bounds Read vulnerability in multiple products
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
network
low complexity
xiph-org debian canonical CWE-125
6.5