|
251971
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overfl…
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2017-14887
|
2024-11-21 12:13 |
2018-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251972
|
7.5 |
HIGH
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor…
|
CWE-119
CWE-200
Incorrect Access of Indexable Resource ('Range Error')
Information Exposure
|
CVE-2017-14882
|
2024-11-21 12:13 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251973
|
7.5 |
HIGH
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be excee…
|
CWE-20
Improper Input Validation
|
CVE-2017-14878
|
2024-11-21 12:13 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251974
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which repre…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14885
|
2024-11-21 12:13 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251975
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
|
CWE-601
Open Redirect
|
CVE-2017-14802
|
2024-11-21 12:13 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251976
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14801
|
2024-11-21 12:13 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251977
|
5.3 |
MEDIUM
Network
|
suse
opensuse
|
linux_enterprise_software_development_kit
leap
|
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroot…
|
CWE-20
Improper Input Validation
|
CVE-2017-14804
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251978
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated us…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14800
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251979
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14799
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251980
|
7.0 |
HIGH
Local
|
postgresql
suse
|
postgresql
suse_linux_enterprise_server
|
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
|
CWE-362
Race Condition
|
CVE-2017-14798
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
