|
257311
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri…
|
NVD-CWE-noinfo
|
CVE-2017-5551
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257312
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu…
|
CWE-200
Information Exposure
|
CVE-2017-5550
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257313
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5549
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257314
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5548
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257315
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5547
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257316
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possi…
|
NVD-CWE-noinfo
|
CVE-2017-5546
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257317
|
6.2 |
MEDIUM
Local
|
sendquick
|
entera_sms_gateway_firmware
avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5137
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257318
|
7.5 |
HIGH
Network
|
sendquick
|
entera_sms_gateway_firmware
avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown …
|
CWE-862
Missing Authorization
|
CVE-2017-5136
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257319
|
9.8 |
CRITICAL
Network
|
netapp
|
oncommand_insight
|
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-5600
|
2024-11-21 12:27 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257320
|
9.8 |
CRITICAL
Network
|
sagecrm
|
sagecrm
|
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided funct…
|
CWE-22
Path Traversal
|
CVE-2017-5219
|
2024-11-21 12:27 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
