CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5751 CVE-2017-0904 254 Bypass 2017-11-13 2017-11-29
6.8
None Remote Medium Not required Partial Partial Partial
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
5752 CVE-2017-0902 284 2017-08-31 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
5753 CVE-2017-0901 20 2017-08-31 2019-05-13
6.4
None Remote Low Not required None Partial Partial
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
5754 CVE-2017-0898 134 Mem. Corr. 2017-09-15 2018-07-14
6.4
None Remote Low Not required Partial None Partial
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
5755 CVE-2017-0804 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.
5756 CVE-2017-0803 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.
5757 CVE-2017-0802 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818.
5758 CVE-2017-0794 264 2017-09-08 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
5759 CVE-2017-0783 200 +Info 2017-09-14 2018-01-18
6.1
None Local Network Low Not required Complete None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
5760 CVE-2017-0750 264 2017-08-09 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
5761 CVE-2017-0749 264 2017-08-09 2017-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.
5762 CVE-2017-0747 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.
5763 CVE-2017-0746 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.
5764 CVE-2017-0742 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524.
5765 CVE-2017-0741 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.
5766 CVE-2017-0740 284 Exec Code 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402.
5767 CVE-2017-0737 264 2017-08-09 2018-06-27
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.
5768 CVE-2017-0732 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.
5769 CVE-2017-0731 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
5770 CVE-2017-0729 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.
5771 CVE-2017-0727 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
5772 CVE-2017-0713 284 Exec Code 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.
5773 CVE-2017-0712 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.
5774 CVE-2017-0710 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.
5775 CVE-2017-0707 264 2017-07-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.
5776 CVE-2017-0704 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.
5777 CVE-2017-0663 284 Exec Code 2017-06-14 2017-11-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
5778 CVE-2017-0638 284 Exec Code 2017-06-14 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305.
5779 CVE-2017-0554 264 +Priv 2017-04-07 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.
5780 CVE-2017-0478 284 Exec Code 2017-03-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.
5781 CVE-2017-0477 284 Exec Code 2017-03-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647.
5782 CVE-2017-0476 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925.
5783 CVE-2017-0409 284 Exec Code 2017-02-08 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646.
5784 CVE-2017-0408 284 Exec Code 2017-02-08 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670.
5785 CVE-2017-0382 284 Exec Code 2017-01-12 2017-01-18
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.
5786 CVE-2017-0373 20 2017-05-23 2017-06-08
6.8
None Remote Medium Not required Partial Partial Partial
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.
5787 CVE-2017-0367 264 2018-04-13 2018-05-14
6.5
None Remote Low Single system Partial Partial Partial
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
5788 CVE-2017-0362 352 CSRF 2018-04-13 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
5789 CVE-2017-0343 362 DoS 2017-05-09 2017-05-17
6.9
None Local Medium Not required Complete Complete Complete
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.
5790 CVE-2017-0317 275 Exec Code 2017-02-15 2017-02-23
6.9
None Local Medium Not required Complete Complete Complete
All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.
5791 CVE-2017-0279 19 Exec Code 2017-05-12 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.
5792 CVE-2017-0278 19 Exec Code 2017-05-12 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.
5793 CVE-2017-0277 19 Exec Code 2017-05-12 2018-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.
5794 CVE-2017-0246 264 DoS +Priv 2017-05-12 2017-07-07
6.9
None Local Medium Not required Complete Complete Complete
The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."
5795 CVE-2017-0244 264 DoS +Priv 2017-05-12 2017-07-07
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."
5796 CVE-2017-0186 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.
5797 CVE-2017-0185 20 DoS 2017-04-12 2017-07-10
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.
5798 CVE-2017-0183 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
5799 CVE-2017-0182 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
5800 CVE-2017-0179 20 DoS 2017-04-12 2017-04-18
6.3
None Remote Medium Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.