|
255741
|
4.4 |
MEDIUM
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_f…
|
CWE-200
CWE-125
Information Exposure
Out-of-bounds Read
|
CVE-2017-15814
|
2024-11-21 12:15 |
2018-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255742
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15821
|
2024-11-21 12:15 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255743
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15815
|
2024-11-21 12:15 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255744
|
6.1 |
MEDIUM
Network
|
wicket-jquery-ui_project
|
wicket-jquery-ui
|
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15719
|
2024-11-21 12:15 |
2018-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255745
|
7.5 |
HIGH
Network
|
apache
|
geode
|
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-15693
|
2024-11-21 12:15 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255746
|
9.8 |
CRITICAL
Network
|
apache
|
geode
|
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-15692
|
2024-11-21 12:15 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255747
|
7.5 |
HIGH
Network
|
apache
|
geode
|
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains …
|
CWE-200
Information Exposure
|
CVE-2017-15696
|
2024-11-21 12:15 |
2018-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255748
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly vali…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-15862
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255749
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without val…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-15861
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255750
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
|
CWE-843
Type Confusion
|
CVE-2017-15860
|
2024-11-21 12:15 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
