Total
2579 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0521 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709. | |||||
CVE-2017-0410 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765. | |||||
CVE-2017-0383 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614. | |||||
CVE-2017-0381 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. | |||||
CVE-2017-0309 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. | |||||
CVE-2017-0307 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33177895. References: N-CVE-2017-0307. | |||||
CVE-2017-0104 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability." | |||||
CVE-2016-9824 | 1 Libav | 1 Libav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
CVE-2016-9822 | 1 Libav | 1 Libav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
CVE-2016-9821 | 1 Libav | 1 Libav | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
CVE-2016-9754 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. | |||||
CVE-2016-9580 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | |||||
CVE-2016-9558 | 1 Libdwarf Project | 1 Libdwarf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." | |||||
CVE-2016-9557 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2016-9538 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. | |||||
CVE-2016-9445 | 1 Gstreamer Project | 1 Gstreamer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | |||||
CVE-2016-9427 | 3 Bdwgc Project, Debian, Opensuse | 4 Bdwgc, Debian Linux, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. | |||||
CVE-2016-9426 | 1 Tats | 1 W3m | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page. | |||||
CVE-2016-9387 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. | |||||
CVE-2016-9277 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. |