Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2017-9684
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-08-18
CVE-2017-9685
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
CVSS Score
8.1
EPSS Score
0.001
Published
2017-08-18
CVE-2016-10389
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-18
CVE-2016-10390
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-08-18
CVE-2016-10391
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
CVE-2016-10392
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-08-18
CVE-2016-5871
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
CVE-2016-5872
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-08-18
CVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-08-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved