Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2017-10999 | Unspecified vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. | 7.8 |
| 2017-09-21 | CVE-2017-10998 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. | 7.8 |
| 2017-09-21 | CVE-2017-10997 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. | 7.8 |
| 2017-09-21 | CVE-2017-14160 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. | 8.8 |
| 2017-09-21 | CVE-2015-8559 | Information Exposure vulnerability in Chef The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | 7.5 |
| 2017-09-21 | CVE-2015-0276 | Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea 0.1 Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | 8.8 |
| 2017-09-21 | CVE-2017-14635 | Improper Input Validation vulnerability in Otrs In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. | 8.8 |
| 2017-09-21 | CVE-2017-14246 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 8.1 |
| 2017-09-21 | CVE-2017-14245 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 8.1 |
| 2017-09-21 | CVE-2017-14629 | Integer Overflow or Wraparound vulnerability in Sam2P Project Sam2P 0.49.3 In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. | 7.5 |