Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-13275 |
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908. Published: April 04, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2017-13274 |
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761. Published: April 04, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-13267 |
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009. Published: April 04, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-9249 |
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. Published: April 04, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-9248 |
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. Published: April 04, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-9205 |
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. Published: April 04, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-8814 |
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request. Published: April 04, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2018-8813 |
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL. Published: April 04, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2018-6919 |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data. Published: April 04, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-6918 |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash. Published: April 04, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2018-6917 |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. Published: April 04, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-3971 |
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers. Published: April 04, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-3969 |
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL. Published: April 04, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-3967 |
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames. Published: April 04, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-3966 |
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. Published: April 04, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2017-3965 |
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. Published: April 04, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-3964 |
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. Published: April 04, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18096 |
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. Published: April 04, 2018; 8:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 4.0 MEDIUM |
CVE-2018-9274 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. Published: April 04, 2018; 3:29:01 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-9273 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. Published: April 04, 2018; 3:29:01 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |