Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-11 | CVE-2017-15267 | NULL Pointer Dereference vulnerability in GNU Libextractor 1.4 In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | 7.5 |
| 2017-10-11 | CVE-2017-13722 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | 7.1 |
| 2017-10-11 | CVE-2017-13720 | Out-of-bounds Read vulnerability in X.Org Libxfont 2.0.0/2.0.1 In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). | 7.1 |
| 2017-10-11 | CVE-2017-12188 | Unspecified vulnerability in Linux Kernel arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | 7.8 |
| 2017-10-11 | CVE-2017-15238 | Use After Free vulnerability in multiple products ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | 8.8 |
| 2017-10-11 | CVE-2017-15236 | Information Exposure vulnerability in Tiandy IP Camera Firmware 5.56.17.120 Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt. | 7.5 |
| 2017-10-11 | CVE-2017-15235 | Forced Browsing vulnerability in Horde Groupware 5.2.21 The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | 7.5 |
| 2017-10-11 | CVE-2017-5722 | Improper Privilege Management vulnerability in Intel products Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | 7.5 |
| 2017-10-11 | CVE-2017-5721 | Improper Input Validation vulnerability in Intel products Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. | 7.5 |
| 2017-10-11 | CVE-2017-5701 | Unspecified vulnerability in Intel products Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. high complexity intel | 7.1 |