Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-14034 | Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7 The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | 8.8 |
| 2017-11-16 | CVE-2017-13136 | Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.7 The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. | 8.8 |
| 2017-11-16 | CVE-2017-13135 | NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7 A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. | 7.8 |
| 2017-11-16 | CVE-2017-16837 | Improper Input Validation vulnerability in Trusted Boot Project Trusted Boot 1.9.6 Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | 7.8 |
| 2017-11-16 | CVE-2017-16834 | Incorrect Permission Assignment for Critical Resource vulnerability in Pnp4Nagios PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | 7.8 |
| 2017-11-15 | CVE-2017-15115 | Use After Free vulnerability in multiple products The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-11-15 | CVE-2014-3150 | 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | 8.8 |
| 2017-11-15 | CVE-2017-15923 | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | 7.5 |
| 2017-11-15 | CVE-2017-15806 | Code Injection vulnerability in Zetacomponents Mail The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | 8.1 |
| 2017-11-15 | CVE-2017-15288 | Incorrect Permission Assignment for Critical Resource vulnerability in Scala-Lang Scala The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | 7.8 |