|
253611
|
7.5 |
HIGH
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
|
CWE-200
Information Exposure
|
CVE-2017-15850
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253612
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potent…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15848
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253613
|
7.0 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel.
|
CWE-362
Race Condition
|
CVE-2017-15847
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253614
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead…
|
CWE-20
CWE-772
Improper Input Validation
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15845
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253615
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulti…
|
CWE-416
Use After Free
|
CVE-2017-15849
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253616
|
6.1 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is conf…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15941
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253617
|
6.1 |
MEDIUM
Network
|
apache
|
sling_xss_protection_api
sling_xss_protection_api_compat
|
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15717
|
2024-11-21 12:15 |
2018-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253618
|
9.8 |
CRITICAL
Network
|
progress
|
sitefinity
|
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via ve…
|
CWE-287
Improper Authentication
|
CVE-2017-15883
|
2024-11-21 12:15 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253619
|
7.8 |
HIGH
Local
|
navercorp
|
whale
|
The Installer in Whale allows DLL hijacking.
|
CWE-426
Untrusted Search Path
|
CVE-2017-15913
|
2024-11-21 12:15 |
2018-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253620
|
9.8 |
CRITICAL
Network
|
apache
|
ofbiz
|
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this cod…
|
CWE-74
Injection
|
CVE-2017-15714
|
2024-11-21 12:15 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
