|
254131
|
9.8 |
CRITICAL
Network
|
tnef_project
|
tnef
|
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-8911
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254132
|
5.5 |
MEDIUM
Local
|
artifex
|
ghostscript
|
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-8908
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254133
|
4.6 |
MEDIUM
Physics
|
lightdm_project
|
lightdm
|
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users…
|
NVD-CWE-noinfo
|
CVE-2017-8900
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254134
|
5.5 |
MEDIUM
Local
|
multicorewareinc
|
x265_high_efficiency_video_coding
|
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and ot…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-8906
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254135
|
8.8 |
HIGH
Local
|
xen
|
xen
|
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
|
CWE-682
Incorrect Calculation
|
CVE-2017-8905
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254136
|
8.8 |
HIGH
Local
|
xen
|
xen
|
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the…
|
NVD-CWE-noinfo
|
CVE-2017-8904
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254137
|
8.8 |
HIGH
Local
|
xen
|
xen
|
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
|
NVD-CWE-noinfo
|
CVE-2017-8903
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254138
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-8851
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254139
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers c…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-8850
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254140
|
9.8 |
CRITICAL
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack use…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8898
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
