|
248701
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
|
CWE-416
Use After Free
|
CVE-2017-7370
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248702
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
|
CWE-20
Improper Input Validation
|
CVE-2017-7369
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248703
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
|
CWE-362
Race Condition
|
CVE-2017-7368
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248704
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-7367
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248705
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.
|
CWE-20
Improper Input Validation
|
CVE-2017-7366
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248706
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7365
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248707
|
7.3 |
HIGH
Local
|
eduiq
|
net_monitor_for_employees
|
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-7180
|
2024-11-21 12:31 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248708
|
7.5 |
HIGH
Network
|
personify
|
personify360_e-business
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
|
CWE-287
Improper Authentication
|
CVE-2017-7314
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248709
|
7.5 |
HIGH
Network
|
personify
|
personify360_e-business
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other wor…
|
CWE-200
Information Exposure
|
CVE-2017-7313
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248710
|
9.8 |
CRITICAL
Network
|
personifycorp
|
personify360
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and…
|
CWE-269
Improper Privilege Management
|
CVE-2017-7312
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
