CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | Parity Browser < 1.6.10 Bypass Same Origin Policy | 12.01.2018 | tintinweb |
| Med. | Solarwinds LEM Insecure Update Process | 26.09.2017 | Hank Leininger |


CVEMAP Search Results

| CVE | Details | Description |
|---|---|---|
| 2018-04-04, Medium, CVE-2017-13274 | Vendor: Google; Software: Android | In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761. |
| 2018-01-02, Low, CVE-2017-1000455 | Vendor: GNU; Software: Guixsd | GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix. |
| 2017-02-09, Low, CVE-2017-5591 | Vendor: Sleekxmpp project; Software: Sleekxmpp | An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products. |

 

 


Copyright 2018, cxsecurity.com

 
