Latest CVE Feed
-
7.5
HIGHCVE-2017-18355
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.... Read more
Affected Products : rendertron- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-18354
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.... Read more
Affected Products : rendertron- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-18353
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application... Read more
Affected Products : rendertron- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18352
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.... Read more
Affected Products : rendertron- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2017-18350
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target d... Read more
Affected Products : bitcoin_core- Published: Mar. 12, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-18349
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP ... Read more
- Published: Oct. 23, 2018
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan... Read more
Affected Products : splunk- Published: Oct. 19, 2018
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2017-18347
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race conditio... Read more
- Published: Sep. 12, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18346
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.... Read more
Affected Products : cms_web-gooroo- Published: Jul. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.... Read more
Affected Products : joomanager- Published: Aug. 26, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/time... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18343
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the ve... Read more
Affected Products : symfony- Published: Jul. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18342
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.... Read more
- Published: Jun. 27, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18332
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9607_firmware +46 more products- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18331
Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660... Read more
Affected Products : msm8996au_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware sda660_firmware sd_210_firmware sd_212_firmware +12 more products- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18330
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 2... Read more
Affected Products : ipq8074_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware sdx24_firmware mdm9650_firmware +68 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18329
Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD... Read more
Affected Products : android sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9635m_firmware +65 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18328
Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 82... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware mdm9607_firmware +39 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18327
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9607_firmware +46 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18326
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435,... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9607_firmware mdm9635m_firmware +59 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024