|
249851
|
7.8 |
HIGH
Local
|
google
|
android
|
In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-17771
|
2024-11-21 12:18 |
2018-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249852
|
5.5 |
MEDIUM
Local
|
google
|
android
|
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
|
CWE-200
Information Exposure
|
CVE-2017-17769
|
2024-11-21 12:18 |
2018-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249853
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-17766
|
2024-11-21 12:18 |
2018-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249854
|
8.8 |
HIGH
Network
|
bose
|
soundtouch
|
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.
|
NVD-CWE-noinfo
|
CVE-2017-17751
|
2024-11-21 12:18 |
2018-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249855
|
5.4 |
MEDIUM
Network
|
bose
|
soundtouch
|
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17750
|
2024-11-21 12:18 |
2018-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249856
|
5.4 |
MEDIUM
Network
|
bose
|
soundtouch
|
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17749
|
2024-11-21 12:18 |
2018-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249857
|
9.8 |
CRITICAL
Network
|
kentico
|
kentico_cms
|
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashb…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2017-17736
|
2024-11-21 12:18 |
2018-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249858
|
6.7 |
MEDIUM
Local
|
ucopia
|
wireless_appliance_firmware
|
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote att…
|
CWE-287
Improper Authentication
|
CVE-2017-17743
|
2024-11-21 12:18 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249859
|
7.5 |
HIGH
Network
|
ncr
|
s1_dispenser_controller_firmware
|
Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions wit…
|
CWE-863
Incorrect Authorization
|
CVE-2017-17668
|
2024-11-21 12:18 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249860
|
9.8 |
CRITICAL
Network
|
qualcomm
|
mdm9206_firmware
mdm9607_firmware
mdm9650_firmware
sd_210_firmware
sd_212_firmware
sd_412_firmware
sd_410_firmware
sd_425_firmware
sd_430_firmware
sd_616_firmware
sd_615…
|
In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17773
|
2024-11-21 12:18 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
