Lucene search
K

629 matches found

CNVD
CNVD
added 2018/01/15 12:0 a.m.3 views

Google Android Qualcomm IPA Driver Elevation of Privilege Vulnerability (CNVD-2018-01111)

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google and the Open Handset Alliance OHA, of which the Qualcomm IPA driver is a part. Qualcomm IPA driver is one of the IPA drivers developed by Qualcomm. An...

8.8CVSS7.3AI score0.00364EPSS
Exploits0References1
Prion
Prion
added 2018/01/10 10:29 p.m.13 views

Design/Logic Flaw

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipaidr pointer using ipaidrfind function, the wrong structure pointer can be returned resulting in a slab ou...

4.6CVSS8.1AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2018/01/10 10:29 p.m.22 views

CVE-2017-14879

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipaidr pointer using ipaidrfind function, the wrong structure pointer can be returned resulting in a slab ou...

8.8CVSS8.2AI score0.00364EPSS
Exploits0References1
CVE
CVE
added 2018/01/10 10:0 p.m.42 views

CVE-2017-14879

CVE-2017-14879 affects the Qualcomm IPA driver (Android on Google Pixel/Nexus) via an IPA ioctl path that uses ipa_idr_find(), which can return a wrong structure pointer, causing slab out-of-bounds access in the IPA driver. This is listed as Elevation of Privilege (EoP) with a Moderate severity i...

8.8CVSS7.3AI score0.00364EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/01/10 10:0 p.m.22 views

CVE-2017-14879

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipaidr pointer using ipaidrfind function, the wrong structure pointer can be returned resulting in a slab ou...

7.5AI score0.00364EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/12/21 6:12 p.m.12 views

ipa-cbc-programme.eu XSS vulnerability

Open Bug Bounty ID: OBB-456878 Description| Value ---|--- Affected Website:| ipa-cbc-programme.eu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

6.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2017/12/06 4:21 a.m.24 views

CVE-2017-12169

It was found that IPA could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password...

7.5CVSS2.6AI score0.01925EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/10/10 8:29 p.m.3 views

CVE-2017-9687

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipclogcontextdestroy. Another issue is th...

7.8CVSS5.5AI score0.00151EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2017/10/04 12:48 p.m.31 views

CVE-2017-12173

It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve...

8.8CVSS0.6AI score0.01499EPSS
Exploits0References1
Prion
Prion
added 2017/09/21 3:29 p.m.17 views

Memory corruption

In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNETIOCTLADDMUXCHANNEL in ipa wan driver may lead to memory corruption due to missing locks...

6.8CVSS8AI score0.00368EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/09/21 2:0 p.m.47 views

CVE-2015-5284

CVE-2015-5284 (FreeIPA) Impact: In FreeIPA versions before 4.2.2, ipa-kra-install stores the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem with world-readable permissions. This could allow an attacker to access the CA private key and potentially issue certificates (effect...

9.8CVSS9.4AI score0.00991EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2017/09/08 12:0 a.m.3 views

Google Android Qualcomm IPA Driver Memory Corruption Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, of which the Qualcomm IPA driver is a network gas pedal component. A security vulnerability exists in the Qualcomm IPA driver in Android. A remote attacker could exploit the vulnerability...

7.8CVSS7.8AI score0.00368EPSS
Exploits0References1
Prion
Prion
added 2017/08/11 3:29 p.m.12 views

Design/Logic Flaw

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory...

4.3CVSS6.8AI score0.00444EPSS
Exploits0References3
CNVD
CNVD
added 2017/08/10 12:0 a.m.3 views

Google Android Qualcomm IPA Driver Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, of which the Qualcomm IPA driver is a network gas pedal component. An elevation of privilege vulnerability exists in the Qualcomm IPA driver in Google Android 7.1.2 and earlier versions. ...

7.8CVSS7.9AI score0.00356EPSS
Exploits0References1
OSV
OSV
added 2017/08/09 9:29 p.m.3 views

CVE-2017-0746

A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR2029392...

7.8CVSS5.8AI score0.00356EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.35 views

Virtuozzo 7 : ipa-admintools / ipa-client / ipa-client-common / etc (VZLSA-2017-0001)

An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

7.5CVSS6.8AI score0.047EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/06/23 12:0 a.m.7 views

The vulnerability of the Android operating system’s IPA driver allows a hacker to trigger a service failure.

The vulnerability of the Android operating system’s IPA driver is caused by a buffer overflow. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

9.3CVSS7.8AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2017/06/13 8:29 p.m.14 views

CVE-2017-8236

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver...

9.3CVSS7.6AI score0.00393EPSS
Exploits0References2
Prion
Prion
added 2017/06/13 8:29 p.m.13 views

Buffer overflow

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver...

9.3CVSS8.1AI score0.00393EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/06/13 8:0 p.m.20 views

CVE-2017-8236

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver...

7.9AI score0.00393EPSS
Exploits0References2
Rows per page
Query Builder