Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2017-12963 Out-of-bounds Read vulnerability in Libsass 3.4.5
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack.
network
low complexity
libsass CWE-125
7.5
7.5
2017-08-18 CVE-2017-12962 Missing Release of Resource after Effective Lifetime vulnerability in Libsass 3.4.5
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
network
low complexity
libsass CWE-772
7.5
7.5
2017-08-18 CVE-2017-12961 Improper Input Validation vulnerability in GNU Pspp 0.11.0
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
network
low complexity
gnu CWE-20
7.5
7.5
2017-08-18 CVE-2017-12960 Reachable Assertion vulnerability in GNU Pspp 0.11.0
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
network
low complexity
gnu CWE-617
7.5
7.5
2017-08-18 CVE-2017-12959 Reachable Assertion vulnerability in GNU Pspp 0.11.0
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
network
low complexity
gnu CWE-617
7.5
7.5
2017-08-18 CVE-2017-12958 Out-of-bounds Read vulnerability in GNU Pspp 0.11.0
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
network
low complexity
gnu CWE-125
7.5
7.5
2017-08-18 CVE-2017-12955 Out-of-bounds Write vulnerability in Exiv2 0.26
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26.
network
low complexity
exiv2 CWE-787
8.8
8.8
2017-08-18 CVE-2017-9685 Use After Free vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
network
high complexity
google CWE-416
8.1
8.1
2017-08-18 CVE-2017-9684 Use After Free vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
local
high complexity
google CWE-416
7.0
7.0
2017-08-18 CVE-2017-9680 Information Exposure vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
network
low complexity
google CWE-200
7.5
7.5