Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2017-14646 | Out-of-bounds Read vulnerability in Axiosys Bento4 1.5.0617 The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | 7.5 |
| 2017-09-21 | CVE-2017-14644 | Out-of-bounds Write vulnerability in Bento4 1.5.0617 A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. | 8.8 |
| 2017-09-21 | CVE-2017-14639 | Type Confusion vulnerability in Bento4 1.5.0617 AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact. | 8.8 |
| 2017-09-21 | CVE-2017-14320 | Improper Input Validation vulnerability in Mirasvit Helpdesk MX 1.5.2 Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | 8.0 |
| 2017-09-21 | CVE-2017-12929 | Unrestricted Upload of File with Dangerous Type vulnerability in Tecnovision DLX Spot Player4 Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 8.8 |
| 2017-09-21 | CVE-2015-3887 | Untrusted Search Path vulnerability in Proxychains-Ng Project Proxychains-Ng Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path. | 7.8 |
| 2017-09-21 | CVE-2017-9725 | Incorrect Calculation vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. | 7.8 |
| 2017-09-21 | CVE-2017-9724 | Improper Privilege Management vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. | 7.8 |
| 2017-09-21 | CVE-2017-9720 | Off-by-one Error vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. | 7.8 |
| 2017-09-21 | CVE-2017-9677 | Race Condition vulnerability in Google Android In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. | 7.8 |