|
253101
|
7.5 |
HIGH
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be excee…
|
CWE-20
Improper Input Validation
|
CVE-2017-14878
|
2024-11-21 12:13 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253102
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which repre…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14885
|
2024-11-21 12:13 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253103
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
|
CWE-601
Open Redirect
|
CVE-2017-14802
|
2024-11-21 12:13 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253104
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14801
|
2024-11-21 12:13 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253105
|
5.3 |
MEDIUM
Network
|
suse
opensuse
|
linux_enterprise_software_development_kit
leap
|
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroot…
|
CWE-20
Improper Input Validation
|
CVE-2017-14804
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253106
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated us…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14800
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253107
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14799
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253108
|
7.0 |
HIGH
Local
|
postgresql
suse
|
postgresql
suse_linux_enterprise_server
|
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
|
CWE-362
Race Condition
|
CVE-2017-14798
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253109
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14884
|
2024-11-21 12:13 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253110
|
9.8 |
CRITICAL
Network
|
qualcomm
|
mdm9206_firmware
mdm9607_firmware
mdm9650_firmware
s820a_firmware
s820am_firmware
sd_210_firmware
sd_212_firmware
sd_410_firmware
sd_425_firmware
sd_430_firmware
sd_615_…
|
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, S…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14910
|
2024-11-21 12:13 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
