|
248791
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-7367
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248792
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.
|
CWE-20
Improper Input Validation
|
CVE-2017-7366
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248793
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7365
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248794
|
7.3 |
HIGH
Local
|
eduiq
|
net_monitor_for_employees
|
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-7180
|
2024-11-21 12:31 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248795
|
7.5 |
HIGH
Network
|
personify
|
personify360_e-business
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
|
CWE-287
Improper Authentication
|
CVE-2017-7314
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248796
|
7.5 |
HIGH
Network
|
personify
|
personify360_e-business
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other wor…
|
CWE-200
Information Exposure
|
CVE-2017-7313
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248797
|
9.8 |
CRITICAL
Network
|
personifycorp
|
personify360
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and…
|
CWE-269
Improper Privilege Management
|
CVE-2017-7312
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248798
|
6.1 |
MEDIUM
Network
|
flipbuilder
|
flip_pdf
|
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7384
|
2024-11-21 12:31 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248799
|
6.1 |
MEDIUM
Network
|
contiki-os
|
contiki
|
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7296
|
2024-11-21 12:31 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248800
|
7.5 |
HIGH
Network
|
contiki-os
|
contiki
|
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structur…
|
CWE-416
Use After Free
|
CVE-2017-7295
|
2024-11-21 12:31 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
