|
257441
|
8.1 |
HIGH
Network
|
duolingo
|
tinycards
|
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in…
|
CWE-94
Code Injection
|
CVE-2017-16905
|
2024-11-21 12:17 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257442
|
9.8 |
CRITICAL
Network
|
gps-server
|
gps_tracking_software
|
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled …
|
CWE-94
Code Injection
|
CVE-2017-17098
|
2024-11-21 12:17 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257443
|
9.8 |
CRITICAL
Network
|
gps-server
|
gps_tracking_software
|
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-17097
|
2024-11-21 12:17 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257444
|
4.8 |
MEDIUM
Network
|
webmin
|
webmin
|
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17089
|
2024-11-21 12:17 |
2017-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257445
|
6.1 |
MEDIUM
Network
|
mistune_project
fedoraproject
|
mistune
fedora
|
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape t…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16876
|
2024-11-21 12:17 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257446
|
7.8 |
HIGH
Local
|
sony
|
content_manager_assistant
|
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified dire…
|
CWE-426
Untrusted Search Path
|
CVE-2017-17010
|
2024-11-21 12:17 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257447
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncatio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16996
|
2024-11-21 12:17 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257448
|
7.8 |
HIGH
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by lev…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16995
|
2024-11-21 12:17 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257449
|
8.1 |
HIGH
Network
|
auth0
|
passport-wsfed-saml2
|
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate the…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-16897
|
2024-11-21 12:17 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257450
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17033
|
2024-11-21 12:17 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
