VYPR

CVEs

101,963 total · page 1866 of 2,040

  • CVE-2017-15243HigOct 11, 2017
    risk 0.51cvss 7.8epss 0.02

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4."

  • CVE-2017-15242HigOct 11, 2017
    risk 0.51cvss 7.8epss 0.03

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."

  • CVE-2017-15241HigOct 11, 2017
    risk 0.51cvss 7.8epss 0.02

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at…

  • CVE-2017-15240HigOct 11, 2017
    risk 0.51cvss 7.8epss 0.02

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."

  • CVE-2017-15239HigOct 11, 2017
    risk 0.51cvss 7.8epss 0.02

    IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at…

  • CVE-2017-15267HigOct 11, 2017
    risk 0.49cvss 7.5epss 0.03

    In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

  • CVE-2017-13722HigOct 11, 2017
    risk 0.46cvss 7.1epss 0.00

    In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X…

  • CVE-2017-13720HigOct 11, 2017
    risk 0.46cvss 7.1epss 0.00

    In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This…

  • CVE-2017-12188HigOct 11, 2017
    risk 0.51cvss 7.8epss 0.00

    arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service…

  • CVE-2017-15238HigOct 11, 2017
    risk 0.57cvss 8.8epss 0.02

    ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.

  • CVE-2017-15236HigOct 11, 2017
    risk 0.52cvss 7.5epss 0.04

    Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.

  • CVE-2017-15235HigOct 11, 2017
    risk 0.52cvss 7.5epss 0.06

    The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

  • CVE-2017-5722HigOct 11, 2017
    risk 0.49cvss 7.5epss 0.00

    Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

  • CVE-2017-5721HigOct 11, 2017
    risk 0.49cvss 7.5epss 0.01

    Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

  • CVE-2017-5701HigOct 11, 2017
    risk 0.46cvss 7.1epss 0.00

    Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.

  • CVE-2017-5700HigOct 11, 2017
    risk 0.55cvss 8.4epss 0.00

    Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

  • CVE-2017-15193HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

  • CVE-2017-15192HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.

  • CVE-2017-15191HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.

  • CVE-2017-15190HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.

  • CVE-2017-15189HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

  • CVE-2017-9717HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur.

  • CVE-2017-9715HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur.

  • CVE-2017-9714HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request.

  • CVE-2017-9706HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver.

  • CVE-2017-9697HigOct 10, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.

  • CVE-2017-9687HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in…

  • CVE-2017-9686HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.

  • CVE-2017-9683HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large.

  • CVE-2017-11067HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset.

  • CVE-2017-11064HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211…

  • CVE-2017-11062HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially lead to a buffer overread.

  • CVE-2017-11061HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.

  • CVE-2017-11060HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211…

  • CVE-2017-11059HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow.

  • CVE-2017-11057HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address.

  • CVE-2017-11056HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault.

  • CVE-2017-11055HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur.

  • CVE-2017-11054HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.

  • CVE-2017-11053HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in…

  • CVE-2017-11052HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.

  • CVE-2017-11051HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero.

  • CVE-2017-11050HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur.

  • CVE-2017-11048HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.

  • CVE-2017-11046HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur.

  • CVE-2015-8239HigOct 10, 2017
    risk 0.46cvss 7.0epss 0.01

    The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

  • CVE-2015-7503HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

  • CVE-2015-7384HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.08

    Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

  • CVE-2015-5675HigOct 10, 2017
    risk 0.51cvss 7.8epss 0.01

    The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).

  • CVE-2015-5639HigOct 10, 2017
    risk 0.48cvss 7.4epss 0.01

    niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.