Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-03 | CVE-2017-8453 | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader: Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | 8.8 |
2017-05-03 | CVE-2017-7431 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | 8.8 |
2017-05-02 | CVE-2017-0331 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products: An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.8 |
2017-05-02 | CVE-2015-9004 | Permissions, Privileges, and Access Controls vulnerability in multiple products: kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. | 7.8 |
2017-05-02 | CVE-2014-9940 | Use After Free vulnerability in multiple products: The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | 7.0 |
2017-05-02 | CVE-2017-8419 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame: LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. | 7.8 |
2017-05-02 | CVE-2017-7483 | Out-of-bounds Read vulnerability in multiple products: Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. | 7.5 |
2017-05-02 | CVE-2015-8257 | Command Injection vulnerability in Axis Network Camera Firmware: The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | 8.8 |
2017-05-01 | CVE-2017-8403 | Improper Authentication vulnerability in 360Fly 4K Camera Firmware 2.1.4: 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. | 8.8 |
2017-05-01 | CVE-2017-8400 | Out-of-bounds Write vulnerability in Swftools: In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. | 8.8 |