|
253171
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15815
|
2024-11-21 12:15 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253172
|
6.1 |
MEDIUM
Network
|
wicket-jquery-ui_project
|
wicket-jquery-ui
|
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15719
|
2024-11-21 12:15 |
2018-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253173
|
7.5 |
HIGH
Network
|
apache
|
geode
|
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-15693
|
2024-11-21 12:15 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253174
|
9.8 |
CRITICAL
Network
|
apache
|
geode
|
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-15692
|
2024-11-21 12:15 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253175
|
7.5 |
HIGH
Network
|
apache
|
geode
|
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains …
|
CWE-200
Information Exposure
|
CVE-2017-15696
|
2024-11-21 12:15 |
2018-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253176
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly vali…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-15862
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253177
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without val…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-15861
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253178
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
|
CWE-843
Type Confusion
|
CVE-2017-15860
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253179
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
|
CWE-362
Race Condition
|
CVE-2017-15829
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253180
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
|
CWE-416
Use After Free
|
CVE-2017-15820
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
