|
252421
|
9.8 |
CRITICAL
Network
|
apache
|
geode
|
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-15692
|
2024-11-21 12:15 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252422
|
7.5 |
HIGH
Network
|
apache
|
geode
|
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains …
|
CWE-200
Information Exposure
|
CVE-2017-15696
|
2024-11-21 12:15 |
2018-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252423
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly vali…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-15862
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252424
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without val…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-15861
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252425
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
|
CWE-843
Type Confusion
|
CVE-2017-15860
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252426
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
|
CWE-362
Race Condition
|
CVE-2017-15829
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252427
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
|
CWE-416
Use After Free
|
CVE-2017-15820
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252428
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentia…
|
CWE-20
Improper Input Validation
|
CVE-2017-15817
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252429
|
6.5 |
MEDIUM
Network
|
apache
|
oozie
|
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file contain…
|
CWE-22
Path Traversal
|
CVE-2017-15712
|
2024-11-21 12:15 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252430
|
6.5 |
MEDIUM
Network
|
apache
|
qpid_dispatch
|
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Q…
|
CWE-20
Improper Input Validation
|
CVE-2017-15699
|
2024-11-21 12:15 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
