CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5994 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds… | |||
| CVE-2017-6335 | medium | 5.5 | 5.5 | 9y ago | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samp… | |||
| CVE-2017-5957 | medium | 5.5 | 5.5 | 9y ago | Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), al… | |||
| CVE-2017-6596 | medium | 5.5 | 5.5 | 9y ago | partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial o… | |||
| CVE-2017-6355 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length … | |||
| CVE-2017-6314 | medium | 5.5 | 5.5 | 9y ago | The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||
| CVE-2017-6312 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, … | |||
| CVE-2017-0529 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could… | |||
| CVE-2017-0499 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial o… | |||
| CVE-2017-0498 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factor… | |||
| CVE-2017-0496 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a… | |||
| CVE-2017-0495 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0494 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0492 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a … | |||
| CVE-2017-0491 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This i… | |||
| CVE-2017-0490 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requi… | |||
| CVE-2017-0489 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate becaus… | |||
| CVE-2017-0488 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0487 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0486 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0485 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0484 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0483 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0482 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility… | |||
| CVE-2017-0336 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it cou… | |||
| CVE-2017-0334 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it cou… | |||
| CVE-2017-6502 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). | |||
| CVE-2017-6501 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. | |||
| CVE-2017-6500 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | |||
| CVE-2017-6499 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | |||
| CVE-2017-6498 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. | |||
| CVE-2017-5834 | medium | 5.5 | 5.5 | 9y ago | The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | |||
| CVE-2017-6410 | medium | 5.5 | 5.5 | 9y ago | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string,… | |||
| CVE-2017-6404 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | |||
| CVE-2017-6415 | medium | 5.5 | 5.5 | 9y ago | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | |||
| CVE-2017-6387 | medium | 5.5 | 5.5 | 9y ago | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. | |||
| CVE-2017-6353 | medium | 5.5 | 5.5 | 9y ago | net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (inva… | |||
| CVE-2017-6348 | medium | 5.5 | 5.5 | 9y ago | The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted oper… | |||
| CVE-2017-5981 | medium | 5.5 | 5.5 | 9y ago | seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | |||
| CVE-2017-5980 | medium | 5.5 | 5.5 | 9y ago | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||
| CVE-2017-5979 | medium | 5.5 | 5.5 | 9y ago | The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||
| CVE-2017-5978 | medium | 5.5 | 5.5 | 9y ago | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. | |||
| CVE-2017-5977 | medium | 5.5 | 5.5 | 9y ago | The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. | |||
| CVE-2017-5976 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial o… | |||
| CVE-2017-5975 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash… | |||
| CVE-2017-5974 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash… | |||
| CVE-2017-5855 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-5854 | medium | 5.5 | 5.5 | 9y ago | base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2017-5852 | medium | 5.5 | 5.5 | 9y ago | The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. | |||
| CVE-2017-5851 | medium | 5.5 | 5.5 | 9y ago | The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has… | |||
| CVE-2017-5666 | medium | 5.5 | 5.5 | 9y ago | The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file. | |||
| CVE-2017-5665 | medium | 5.5 | 5.5 | 9y ago | The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||
| CVE-2017-5504 | medium | 5.5 | 5.5 | 9y ago | The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. | |||
| CVE-2017-5503 | medium | 5.5 | 5.5 | 9y ago | The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impac… | |||
| CVE-2017-5502 | medium | 5.5 | 5.5 | 9y ago | libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||
| CVE-2017-5501 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-5500 | medium | 5.5 | 5.5 | 9y ago | libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||
| CVE-2017-5499 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2017-5498 | medium | 5.5 | 5.5 | 9y ago | libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||
| CVE-2017-6299 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | |||
| CVE-2017-6197 | medium | 5.5 | 5.5 | 9y ago | The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as d… | |||
| CVE-2017-6076 | medium | 5.5 | 5.5 | 9y ago | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. | |||
| CVE-2017-6188 | medium | 5.5 | 5.5 | 9y ago | Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. | |||
| CVE-2017-6078 | medium | 5.5 | 5.5 | 9y ago | FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. | |||
| CVE-2017-2368 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application cra… | |||
| CVE-2017-5986 | medium | 5.5 | 5.5 | 9y ago | Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithr… | |||
| CVE-2017-5025 | medium | 5.5 | 5.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5024 | medium | 5.5 | 5.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-6011 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. | |||
| CVE-2017-6010 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico fi… | |||
| CVE-2017-6009 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for m… | |||
| CVE-2017-0320 | medium | 5.5 | 5.5 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. | |||
| CVE-2017-0319 | medium | 5.5 | 5.5 | 9y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. | |||
| CVE-2017-0318 | medium | 5.5 | 5.5 | 9y ago | All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. | |||
| CVE-2017-5896 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. | |||
| CVE-2017-5846 | medium | 5.5 | 5.5 | 9y ago | The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory r… | |||
| CVE-2017-5844 | medium | 5.5 | 5.5 | 9y ago | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception… | |||
| CVE-2017-5842 | medium | 5.5 | 5.5 | 9y ago | The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a cr… | |||
| CVE-2017-5837 | medium | 5.5 | 5.5 | 9y ago | The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception… | |||
| CVE-2017-0448 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it c… | |||
| CVE-2017-0426 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could … | |||
| CVE-2017-0425 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0424 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate … | |||
| CVE-2017-0421 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. … | |||
| CVE-2017-0420 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issu… | |||
| CVE-2017-0414 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This… | |||
| CVE-2017-0413 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This… | |||
| CVE-2017-5595 | medium | 5.5 | 5.5 | 9y ago | A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated… | |||
| CVE-2017-5577 | medium | 5.5 | 5.5 | 9y ago | The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local… | |||
| CVE-2017-5550 | medium | 5.5 | 5.5 | 9y ago | Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu… | |||
| CVE-2017-5549 | medium | 5.5 | 5.5 | 9y ago | The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta… | |||
| CVE-2017-0398 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be … | |||
| CVE-2017-0402 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2017-0401 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of … | |||
| CVE-2017-0400 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels.… | |||
| CVE-2017-0399 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of … | |||
| CVE-2017-0397 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated… | |||
| CVE-2017-0396 | medium | 5.5 | 5.5 | 10y ago | An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. Thi… | |||
| CVE-2017-0395 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of … | |||
| CVE-2017-0393 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the poss… |