Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2018
CVE-2017-14881
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-03-30
CVE-2017-14883
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-03-30
CVE-2017-14891
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-03-30
CVE-2017-14892
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-30
CVE-2017-15823
In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-30
CVE-2017-15826
Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-30
CVE-2017-15846
In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-30
CVE-2017-15852
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-03-30
CVE-2018-3817
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-03-30
CVE-2018-3818
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved