Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-05-11 CVE-2017-8906 Integer Underflow (Wrap or Wraparound) vulnerability in Multicorewareinc X265 High Efficiency Video Coding 2.4
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products.
local
low complexity
multicorewareinc CWE-191
5.5
2017-05-11 CVE-2017-8905 Incorrect Calculation vulnerability in XEN
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
local
low complexity
xen CWE-682
8.8
2017-05-11 CVE-2017-8904 Unspecified vulnerability in XEN 4.8.0/4.8.1
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
local
low complexity
xen
8.8
2017-05-11 CVE-2017-8903 Unspecified vulnerability in XEN 4.8.0/4.8.1
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
local
low complexity
xen
8.8
2017-05-11 CVE-2017-7472 Improper Resource Shutdown or Release vulnerability in Linux Kernel
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
local
low complexity
linux CWE-404
5.5
2017-05-11 CVE-2017-8851 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One and X devices.
network
high complexity
oneplus CWE-319
5.9
2017-05-11 CVE-2017-8850 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
high complexity
oneplus CWE-319
5.9
2017-05-11 CVE-2017-5948 Improper Input Validation vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
high complexity
oneplus CWE-20
5.9
2017-05-11 CVE-2016-10370 Improper Access Control vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus devices such as the 3T.
network
low complexity
oneplus CWE-284
7.5
2017-05-11 CVE-2017-8899 Information Exposure vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP.
network
high complexity
invisioncommunity CWE-200
8.1