|
250671
|
9.8 |
CRITICAL
Network
|
pyyaml
fedoraproject
|
pyyaml
fedora
|
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced f…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-18342
|
2024-11-21 12:19 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250672
|
5.5 |
MEDIUM
Local
|
google
|
android
|
User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
|
CWE-617
Reachable Assertion
|
CVE-2017-18169
|
2024-11-21 12:19 |
2018-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250673
|
7.8 |
HIGH
Local
|
google
|
android
|
In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead …
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2017-18070
|
2024-11-21 12:19 |
2018-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250674
|
9.8 |
CRITICAL
Network
|
pvpgn
|
stats
|
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18291
|
2024-11-21 12:19 |
2018-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250675
|
9.8 |
CRITICAL
Network
|
pvpgn
|
stats
|
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18290
|
2024-11-21 12:19 |
2018-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250676
|
9.8 |
CRITICAL
Network
|
pvpgn
|
stats
|
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18289
|
2024-11-21 12:19 |
2018-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250677
|
9.8 |
CRITICAL
Network
|
pvpgn
|
stats
|
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18288
|
2024-11-21 12:19 |
2018-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250678
|
9.8 |
CRITICAL
Network
|
pvpgn
|
stats
|
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18287
|
2024-11-21 12:19 |
2018-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250679
|
7.8 |
HIGH
Local
|
google
|
android
|
A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-18154
|
2024-11-21 12:19 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250680
|
5.4 |
MEDIUM
Network
|
nzedb
|
nzedb
|
nZEDb v0.7.3.3 has XSS in the 404 error page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18286
|
2024-11-21 12:19 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
