|
250291
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended ac…
|
CWE-862
Missing Authorization
|
CVE-2017-17450
|
2024-11-21 12:17 |
2017-12-7 |
|
250292
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net…
|
CWE-200
Information Exposure
|
CVE-2017-17449
|
2024-11-21 12:17 |
2017-12-7 |
|
250293
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended acces…
|
CWE-862
Missing Authorization
|
CVE-2017-17448
|
2024-11-21 12:17 |
2017-12-7 |
|
250294
|
6.5 |
MEDIUM
Network
|
game-music-emu_project
|
game-music-emu
|
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a deni…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2017-17446
|
2024-11-21 12:17 |
2017-12-7 |
|
250295
|
7.5 |
HIGH
Network
|
auth0
|
auth0.js
|
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke servi…
|
CWE-200
Information Exposure
|
CVE-2017-17068
|
2024-11-21 12:17 |
2017-12-7 |
|
250296
|
8.8 |
HIGH
Adjacent
|
vaulteksafe
|
vt20i_firmware
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials adv…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-17436
|
2024-11-21 12:17 |
2017-12-7 |
|
250297
|
8.8 |
HIGH
Adjacent
|
vaulteksafe
|
vt20i_firmware
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phon…
|
CWE-287
Improper Authentication
|
CVE-2017-17435
|
2024-11-21 12:17 |
2017-12-7 |
|
250298
|
6.5 |
MEDIUM
Network
|
gnu
|
libextractor
|
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17440
|
2024-11-21 12:17 |
2017-12-7 |
|
250299
|
7.5 |
HIGH
Network
|
debian heimdal_project
|
debian_linux heimdal
|
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditiona…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17439
|
2024-11-21 12:17 |
2017-12-7 |
|
250300
|
4.7 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17383
|
2024-11-21 12:17 |
2017-12-6 |
|