Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2017-14892 | Improper Input Validation vulnerability in Google Android In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access. | 7.8 |
| 2018-03-30 | CVE-2017-14875 | Information Exposure vulnerability in Google Android In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists. | 7.5 |
| 2018-03-30 | CVE-2017-11087 | Information Exposure vulnerability in Google Android libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver. | 7.5 |
| 2018-03-30 | CVE-2018-3740 | Improper Input Validation vulnerability in Sanitize Project Sanitize A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | 7.5 |
| 2018-03-30 | CVE-2018-3728 | Modification of Assumed-Immutable Data (MAID) vulnerability in Hapijs Hoek hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 8.8 |
| 2018-03-30 | CVE-2018-9134 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. | 8.8 |
| 2018-03-30 | CVE-2018-9144 | Out-of-bounds Read vulnerability in Exiv2 In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. | 8.1 |
| 2018-03-30 | CVE-2018-9142 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. | 7.0 |
| 2018-03-30 | CVE-2018-9141 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. | 7.8 |
| 2018-03-30 | CVE-2018-9135 | Out-of-bounds Read vulnerability in Imagemagick 7.0.724 In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | 8.8 |