Latest CVE Feed
-
10.0
HIGHCVE-2017-18349
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP ... Read more
- Published: Oct. 23, 2018
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan... Read more
Affected Products : splunk- Published: Oct. 19, 2018
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2017-18347
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race conditio... Read more
- Published: Sep. 12, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18346
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.... Read more
Affected Products : cms_web-gooroo- Published: Jul. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.... Read more
Affected Products : joomanager- Published: Aug. 26, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18344
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/time... Read more
- Published: Jul. 26, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-18343
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the ve... Read more
Affected Products : symfony- Published: Jul. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18342
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.... Read more
- Published: Jun. 27, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18332
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9607_firmware +46 more products- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18331
Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660... Read more
Affected Products : msm8996au_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware sda660_firmware sd_210_firmware sd_212_firmware +12 more products- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18330
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 2... Read more
Affected Products : ipq8074_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware sdx24_firmware mdm9650_firmware +68 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18329
Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD... Read more
Affected Products : android sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9635m_firmware +65 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18328
Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 82... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware mdm9607_firmware +39 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18327
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9607_firmware +46 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18326
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435,... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9607_firmware mdm9635m_firmware +59 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18324
Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD... Read more
Affected Products : android sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware sdx24_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware mdm9607_firmware +55 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18323
Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205,... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware +60 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18322
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD ... Read more
Affected Products : android sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware mdm9607_firmware mdm9635m_firmware +53 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-18321
Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660.... Read more
Affected Products : android sd_835_firmware mdm9650_firmware sda660_firmware mdm9655_firmware mdm9650 mdm9655 sda660 sd_835- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-18320
QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, S... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware sdx24_firmware sda660_firmware sd_636_firmware +54 more products- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024