Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5884 | 2 Fedoraproject, Gnome | 2 Fedora, Gtk-vnc | 2023-02-12 | 6.8 MEDIUM | 7.8 HIGH |
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | |||||
CVE-2017-10872 | 1 Dena | 1 H2o | 2021-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. | |||||
CVE-2019-6130 | 1 Artifex | 1 Mupdf | 2020-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | |||||
CVE-2018-7530 | 1 Omron | 7 Cx-flnet, Cx-one, Cx-programmer and 4 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition. | |||||
CVE-2015-9142 | 1 Qualcomm | 52 Mdm9645, Mdm9645 Firmware, Mdm9650 and 49 more | 2018-05-09 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework. | |||||
CVE-2016-10495 | 1 Qualcomm | 2 Mdm9635m, Mdm9635m Firmware | 2018-04-24 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range. | |||||
CVE-2015-2001 | 1 Metaio | 1 Metaio Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
CVE-2015-2000 | 1 Jumio | 1 Jumio Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
CVE-2015-2004 | 1 Gracenote | 1 Gnsdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
CVE-2015-2003 | 1 Pjsip | 1 Pjsua2 Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
CVE-2015-2002 | 1 Esri | 1 Arcgisruntime Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
CVE-2014-9411 | 1 Google | 1 Android | 2017-08-23 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | |||||
CVE-2017-0302 | 1 F5 | 1 Big-ip Access Policy Manager | 2017-07-07 | 3.5 LOW | 5.3 MEDIUM |
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. |