|
253071
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2017-15030
|
2024-11-21 12:13 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253072
|
4.3 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-15029
|
2024-11-21 12:13 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253073
|
7.5 |
HIGH
Network
|
arm
|
arm-trusted-firmware
|
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
|
CWE-200
Information Exposure
|
CVE-2017-15031
|
2024-11-21 12:13 |
2018-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253074
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14888
|
2024-11-21 12:13 |
2018-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253075
|
5.9 |
MEDIUM
Network
|
shein
|
shein-fashion_shopping_online
|
The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-14710
|
2024-11-21 12:13 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253076
|
7.4 |
HIGH
Network
|
komoot
|
komoot
|
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the…
|
CWE-200
CWE-295
Information Exposure
Improper Certificate Validation
|
CVE-2017-14709
|
2024-11-21 12:13 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253077
|
5.9 |
MEDIUM
Network
|
shpock
|
shpock
|
"Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-14612
|
2024-11-21 12:13 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253078
|
5.5 |
MEDIUM
Local
|
google
|
android
|
While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in An…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14893
|
2024-11-21 12:13 |
2018-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253079
|
5.5 |
MEDIUM
Local
|
google
|
android
|
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14872
|
2024-11-21 12:13 |
2018-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253080
|
8.8 |
HIGH
Network
|
sierrawireless
|
gx440_firmware
es440_firmware
ls300_firmware
gx400_firmware
es450_firmware
rv50_firmware
rv50x_firmware
mp70_firmware
mp70e_firmware
gx450_firmware
|
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allo…
|
CWE-20
Improper Input Validation
|
CVE-2017-15043
|
2024-11-21 12:13 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
