VYPR

CVEs

101,963 total · page 1872 of 2,040

  • CVE-2017-9720HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.

  • CVE-2017-9677HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another…

  • CVE-2017-8280HigSep 21, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch.

  • CVE-2017-8278HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.

  • CVE-2017-8277HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.

  • CVE-2017-8251HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.

  • CVE-2017-8250HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are…

  • CVE-2017-8247HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only…

  • CVE-2017-11041HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another.

  • CVE-2017-11000HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write.

  • CVE-2017-10999HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks.

  • CVE-2017-10998HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the…

  • CVE-2017-10997HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.

  • CVE-2017-14160HigSep 21, 2017
    risk 0.58cvss 8.8epss 0.05

    The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

  • CVE-2015-8559HigSep 21, 2017
    risk 0.42cvss 7.5epss 0.02

    The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

  • CVE-2015-0276HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.

  • CVE-2017-14635HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.

  • CVE-2017-14246HigSep 21, 2017
    risk 0.53cvss 8.1epss 0.02

    An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

  • CVE-2017-14245HigSep 21, 2017
    risk 0.53cvss 8.1epss 0.02

    An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

  • CVE-2017-14629HigSep 21, 2017
    risk 0.49cvss 7.5epss 0.01

    In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.

  • CVE-2017-12253HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the…

  • CVE-2017-12252HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application…

  • CVE-2017-12219HigSep 21, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The…

  • CVE-2017-12215HigSep 21, 2017
    risk 0.46cvss 7.1epss 0.02

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system…

  • CVE-2017-12214HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of…

  • CVE-2017-14623HigSep 20, 2017
    risk 0.46cvss 8.1epss 0.02

    In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine…

  • CVE-2017-14617HigSep 20, 2017
    risk 0.51cvss 7.8epss 0.01

    In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

  • CVE-2017-14616HigSep 20, 2017
    risk 0.49cvss 7.5epss 0.02

    An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing…

  • CVE-2015-9231HigSep 20, 2017
    risk 0.42cvss 7.5epss 0.02

    iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see…

  • CVE-2017-14610HigSep 20, 2017
    risk 0.51cvss 7.8epss 0.00

    bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification…

  • CVE-2017-14609HigSep 20, 2017
    risk 0.51cvss 7.8epss 0.00

    The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a…

  • CVE-2015-5395HigSep 20, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

  • CVE-2015-3890HigSep 20, 2017
    risk 0.49cvss 7.5epss 0.01

    Use-after-free vulnerability in Open Litespeed before 1.3.10.

  • CVE-2015-0162HigSep 20, 2017
    risk 0.46cvss 7.0epss 0.00

    IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.

  • CVE-2017-9804HigSep 20, 2017
    risk 0.43cvss 7.5epss 0.08

    In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. …

  • CVE-2017-9793HigSep 20, 2017
    risk 0.49cvss 7.5epss 0.09

    The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

  • CVE-2017-14607HigSep 20, 2017
    risk 0.53cvss 8.1epss 0.02

    In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

  • CVE-2017-9607HigSep 20, 2017
    risk 0.46cvss 7.0epss 0.01

    The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image,…

  • CVE-2017-7924HigSep 20, 2017
    risk 0.54cvss 7.5epss 0.22

    An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands…

  • CVE-2017-14339HigSep 20, 2017
    risk 0.49cvss 7.5epss 0.03

    The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.

  • CVE-2015-5607HigSep 20, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery in the REST API in IPython 2 and 3.

  • CVE-2015-5179HigSep 20, 2017
    risk 0.49cvss 7.5epss 0.01

    FreeIPA might display user data improperly via vectors involving non-printable characters.

  • CVE-2015-4075HigSep 20, 2017
    risk 0.56cvss 8.1epss 0.07

    The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

  • CVE-2015-4074HigSep 20, 2017
    risk 0.56cvss 7.5epss 0.57

    Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

  • CVE-2015-1329HigSep 20, 2017
    risk 0.58cvss 8.8epss 0.05

    Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.

  • CVE-2017-8770HigSep 20, 2017
    risk 0.53cvss 7.5epss 0.10

    There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.

  • CVE-2015-4685HigSep 19, 2017
    risk 0.49cvss 7.0epss 0.01

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

  • CVE-2015-4681HigSep 19, 2017
    risk 0.54cvss 7.8epss 0.02

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

  • CVE-2017-12837HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.06

    Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

  • CVE-2017-14033HigSep 19, 2017
    risk 0.42cvss 7.5epss 0.08

    The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.