Security Vulnerabilities - CVEs Published In May 2017
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-05-15
A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a Huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-05-15
OpenVPN version 2.3.12 and newer is vulnerable to an unauthenticated denial of service of the server via a large received control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
CVSS Score: 7.5 | EPSS Score: 0.152 | Published: 2017-05-15
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in a denial of service of the server by an authenticated attacker.
CVSS Score: 6.5 | EPSS Score: 0.008 | Published: 2017-05-15
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-05-15
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
CVSS Score: 7.8 | EPSS Score: 0.013 | Published: 2017-05-15
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
CVSS Score: 7.8 | EPSS Score: 0.012 | Published: 2017-05-15
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2017-05-15
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2017-05-15
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2017-05-15

