|
248381
|
8.8 |
HIGH
Network
|
infor
|
enterprise_asset_management
|
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
|
CWE-89
SQL Injection
|
CVE-2017-7952
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248382
|
7.8 |
HIGH
Local
|
google
|
android
|
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized a…
|
CWE-416
Use After Free
|
CVE-2017-8246
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248383
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bou…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8245
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248384
|
7.0 |
HIGH
Local
|
google
|
android
|
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at …
|
CWE-362
Race Condition
|
CVE-2017-8244
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248385
|
5.5 |
MEDIUM
Local
|
conexant
|
mictray64
|
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKey…
|
CWE-200
Information Exposure
|
CVE-2017-8360
|
2024-11-21 12:33 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248386
|
5.5 |
MEDIUM
Local
|
schneider-electric
|
vampset
|
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7967
|
2024-11-21 12:33 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248387
|
5.5 |
MEDIUM
Local
|
ca
|
client_automation
|
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-8391
|
2024-11-21 12:33 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248388
|
6.1 |
MEDIUM
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8304
|
2024-11-21 12:33 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248389
|
9.8 |
CRITICAL
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2017-8303
|
2024-11-21 12:33 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248390
|
8.8 |
HIGH
Network
|
atlassian
|
hipchat_server
|
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-8080
|
2024-11-21 12:33 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
