CVSS: 7.8EPSS: 7%CPEs: 21EXPL: 1CVE-2017-14496 – Dnsmasq < 2.78 - Integer Underflow
https://notcve.org/view.php?id=CVE-2017-14496
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. Un desbordamiento inferior de enteros en las versiones anteriores a la 2.78 de dnsmasq, cuando están especificadas las opciones --add-mac, --add-cpe-id o --add-subnet, permite que los atacantes remotos provoquen una denegación de servicio mediante una petición DNS manipulada. An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. • https://www.exploit-db.com/exploits/42946 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://thekelleys.org.uk/dnsmasq/CHANGELOG http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=897c113fda0886a28a986cc6ba17bb93bd6cb1c7 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt http://www.debian.org/security/2017/dsa-3989 http://www.securityfocus.com/bid/101085 http://www.securityfocu • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1526
https://notcve.org/view.php?id=CVE-2015-1526
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. El componente media_server en Android permite que los atacantes remotos provoquen una denegación de servicio mediante una aplicación modificada. • http://www.securityfocus.com/bid/76666 https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1537
https://notcve.org/view.php?id=CVE-2015-1537
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. Un desbordamiento de enteros en el componente media_server en Android permite que los atacantes remotos ejecuten código arbitrario mediante una aplicación modificada. • http://www.securityfocus.com/bid/76670 https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0 https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5868
https://notcve.org/view.php?id=CVE-2016-5868
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. drivers/net/ethernet/msm/rndis_ipa.c en el controlador de networking de Qualcomm en Android permite que los atacantes remotos ejecuten código arbitrario mediante una aplicación manipulada que compromete un proceso privilegiado. • http://www.securityfocus.com/bid/98197 https://source.android.com/security/bulletin/2017-05-01 https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=fbb765a3f813f5cc85ddab21487fd65f24bf6a8c • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10999
https://notcve.org/view.php?id=CVE-2017-10999
In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, una serie de llamadas concurrentes en el ioctl RMNET_IOCTL_ADD_MUX_CHANNEL en el driver ipa wan podría provocar la corrupción de la memoria debido a la ausencia de "locks". • http://www.securityfocus.com/bid/100658 https://source.android.com/security/bulletin/2017-09-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •