|
254341
|
7.5 |
HIGH
Network
|
qualcomm
|
mdm9206_firmware
mdm9607_firmware
qca6174a_firmware
qca6574_firmware
mdm9640_firmware
qca6574au_firmware
mdm9650_firmware
qca6584_firmware
qca6584au_firmware
sd_210_firmwar…
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA658…
|
CWE-200
Information Exposure
|
CVE-2017-18072
|
2024-11-21 12:19 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254342
|
8.8 |
HIGH
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka …
|
CWE-89
SQL Injection
|
CVE-2017-18260
|
2024-11-21 12:19 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254343
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18259
|
2024-11-21 12:19 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254344
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version…
|
CWE-862
Missing Authorization
|
CVE-2017-18101
|
2024-11-21 12:19 |
2018-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254345
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
|
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick fi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18100
|
2024-11-21 12:19 |
2018-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254346
|
6.5 |
MEDIUM
Network
|
xmlsoft
|
libxml2
|
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not r…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-18258
|
2024-11-21 12:19 |
2018-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254347
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
|
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fie…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18098
|
2024-11-21 12:19 |
2018-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254348
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
|
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaSc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18097
|
2024-11-21 12:19 |
2018-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254349
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate s…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-18257
|
2024-11-21 12:19 |
2018-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254350
|
7.2 |
HIGH
Network
|
atlassian
|
application_links
|
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-18096
|
2024-11-21 12:19 |
2018-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
