|
250221
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a special…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16912
|
2024-11-21 12:17 |
2018-02-1 |
|
250222
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is atta…
|
CWE-200
Information Exposure
|
CVE-2017-16911
|
2024-11-21 12:17 |
2018-02-1 |
|
250223
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16945
|
2024-11-21 12:17 |
2018-02-1 |
|
250224
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/bl…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16928
|
2024-11-21 12:17 |
2018-02-1 |
|
250225
|
6.8 |
MEDIUM
Network
|
atlassian
|
crowd
|
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST reque…
|
CWE-287
Improper Authentication
|
CVE-2017-16858
|
2024-11-21 12:17 |
2018-01-31 |
|
250226
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit t…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2017-17407
|
2024-11-21 12:17 |
2018-01-23 |
|
250227
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The speci…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-17406
|
2024-11-21 12:17 |
2018-01-23 |
|
250228
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
|
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16863
|
2024-11-21 12:17 |
2018-01-19 |
|
250229
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
|
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an env…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16865
|
2024-11-21 12:17 |
2018-01-17 |
|
250230
|
5.5 |
MEDIUM
Local
|
k7computing
|
antivirus internet_security ultimate_security endpoint total_security
|
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sendi…
|
CWE-20
Improper Input Validation
|
CVE-2017-17429
|
2024-11-21 12:17 |
2018-01-17 |
|