CVE-2018-7884

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL...

CVE-2017-13214

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android...

CVE-2017-13211

In btascanresultscbimpl of btifblescanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not neede...

Hardcoded credentials

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android...

CVE-2017-13193

In ihevcddecode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction i...

Denial of service

In the ihevcddecode function of ihevcddecode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

Design/Logic Flaw

In ihevcddecode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction i...

Design/Logic Flaw

In the ihevcdparsesliceheader function of ihevcdparsesliceheader.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not...

CVE-2017-13192

In the ihevcdparsesliceheader function of ihevcdparsesliceheader.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not...

CVE-2017-13193

In ihevcddecode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction i...

CVE-2017-13197

In the ihevcdparseslice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1...

CVE-2017-13214

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android...

CVE-2017-13197

CVE-2017-13197 affects Android’s Media Framework (family of code using ihevcd_parse_slice.c). The vulnerability arises because slave threads are not joined when an error occurs, leading to a remote denial of service of a critical system process without extra privileges or user interaction. Affect...

Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

Document Title: =============== Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1943 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ====================================...

Information disclosure

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.21.0P1...

CVE-2017-6726

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.21.0P1...

CVE-2017-6726

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.21.0P1...

CVE-2017-6726

CVE-2017-6726 affects the CLI of Cisco Prime Network Gateway. The vulnerability allows an authenticated, local attacker to retrieve system process information, potentially leading to confidential information disclosure. Affected release noted: 4.2(1.0)P1. The issue stems from insufficient input/v...

Cisco Prime Network Information Disclosure Vulnerability

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checking mechanisms in the...

WinPower 4.9.0.4 - Local Privilege Escalation

// Exploit Title: WinPower V4.9.0.4 Privilege Escalation // Date: 29-11-2016 // Software Link: http://www.ups-software-download.com/ // Exploit Author: Kacper Szurek // Contact: http://twitter.com/KacperSzurek // Website: http://security.szurek.pl/ // Category: local / 1. Description UPSmonitor...