Cross site scripting
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name...
CVE-2018-8921
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name...
CVE-2018-8921
CVE-2018-8921 describes a cross-site scripting (XSS) vulnerability in Synology Drive’s File Sharing Notify Toast. Affected component: File Sharing Notify Toast within Synology Drive. The root cause is improper handling/sanitization of the file name, allowing remote authenticated users to inject a...
PT-2018-18719 · Synology · Synology Drive
Name of the Vulnerable Software and Affected Versions: Synology Drive versions prior to 1.0.2-10275. Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name, exploiting a cross-site scripting (XSS) vulnerability in the File Sharing...
CVE-2017-13278
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1...
CVE-2017-13278
CVE-2017-13278 affects Android’s MediaPlayerService::Client::notify in MediaPlayerService.cpp, with a use-after-free that can allow local elevation of privilege without extra execution privileges. Impacted Android versions: 6.0–8.1 (6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1). Description notes no u...
Google Android Local Elevation of Privilege Vulnerability (CNVD-2018-07863)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). An elevation of privilege vulnerability exists in MediaPlayerService::Client::notify in the MediaPlayerService.cpp file in Android. A local attacker can exploit this vulnerability...
Quagga BGP Backend Program NOTIFY Denial of Service Vulnerability
Quagga is open source routing software. The Quagga BGP backend program has a security vulnerability in its handling of NOTIFY that allows remote attackers to submit special requests and cause a denial of service...
CVE-2018-5378
The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...
libreoffice/pptfuzzer: Bad-cast to SdrObject from invalid vptr in SdrEdgeObj::Notify
Detailed report: https://oss-fuzz.com/testcase?key=5651645263249408 Project: libreoffice Fuzzer: libFuzzerlibreofficepptfuzzer Fuzz target binary: pptfuzzer Job Type: libfuzzerubsanlibreoffice Platform Id: linux Crash Type: Bad-cast Crash Address: 0x0000103c9cb0 Crash State: Bad-cast to SdrObject...
PT-2018-16934 · Quagga +3 · Quagga +3
Name of the Vulnerable Software and Affected Versions: Quagga versions prior to 1.2.3. Description: The issue arises from improper bounds checking of data sent with a NOTIFY to a peer when an attribute length is invalid. This can lead to arbitrary data from the bgpd process being sent over the...
libreoffice/pptfuzzer: Heap-use-after-free in SdrObject::GetBroadcaster
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=5695662168473600 Project: libreoffice Fuzzer: libFuzzerlibreofficepptfuzzer Fuzz target binary: pptfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Heap-use-after-fre...
libreoffice/pptfuzzer: Bad-cast to SdrObjectSdrEdgeObj::Notify in SfxBroadcaster::Broadcast
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=4773718837428224 Project: libreoffice Fuzzer: libFuzzerlibreofficepptfuzzer Fuzz target binary: pptfuzzer Job Type: libfuzzerubsanlibreoffice Platform Id: linux Crash Type: Bad-cast Crash...
libreoffice/pptfuzzer: Heap-use-after-free in SdrObject::GetBroadcaster
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=5182633748201472 Project: libreoffice Fuzzer: libFuzzerlibreofficepptfuzzer Fuzz target binary: pptfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type: Heap-use-after-fre...
A vulnerability in the `nsImageLoadingContent::Notify` function in the Mozilla Firefox ESR browser allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the nsImageLoadingContent::Notify function in Mozilla Firefox ESR is a use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
DEBIAN-CVE-2017-15091
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...
UBUNTU-CVE-2017-15091
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...
GLSA-201801-06 : Back In Time: Command injection
The remote host is affected by the vulnerability described in GLSA-201801-06 (Back In Time: Command injection). Back in Time did improper escaping/quoting of file paths used as arguments to the notify-send command, leading to some parts of file paths being executed as shell commands within an os.syst...