Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18305 | 1 Qualcomm | 14 Mdm9206, Mdm9206 Firmware, Mdm9607 and 11 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. | |||||
| CVE-2017-18296 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | |||||
| CVE-2017-18293 | 1 Qualcomm | 28 Mdm9206, Mdm9206 Firmware, Mdm9607 and 25 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | |||||
| CVE-2017-18282 | 1 Qualcomm | 28 Mdm9206, Mdm9206 Firmware, Mdm9607 and 25 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. | |||||
| CVE-2017-18280 | 1 Qualcomm | 42 Mdm9607, Mdm9607 Firmware, Msm8909w and 39 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function. | |||||
| CVE-2017-18276 | 1 Qualcomm | 18 Mdm9206, Mdm9206 Firmware, Mdm9607 and 15 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850 | |||||
| CVE-2017-18275 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845. | |||||
| CVE-2017-18270 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. | |||||
| CVE-2017-18265 | 2 Debian, Prosody | 2 Debian Linux, Prosody | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module. | |||||
| CVE-2017-18264 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. | |||||
| CVE-2017-18256 | 1 Brave | 1 Brave Browser | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. | |||||
| CVE-2017-18239 | 1 Authentikat-jwt Project | 1 Authentikat-jwt | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests. | |||||
| CVE-2017-18232 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. | |||||
| CVE-2017-18213 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | |||||
| CVE-2017-18204 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. | |||||
| CVE-2017-18195 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. | |||||
| CVE-2017-18191 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. | |||||
| CVE-2017-18143 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, on a secure device, PD dumps are collected when debugging is not enabled. | |||||
| CVE-2017-18141 | 1 Qualcomm | 68 Ipq8074, Ipq8074 Firmware, Mdm9206 and 65 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. | |||||
| CVE-2017-18128 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, improper access control while configuring MPU protecting error correction registers may potentially lead to exposure of related secured data. | |||||