|
258681
|
5.5 |
MEDIUM
Local
|
gnu
|
emacs
|
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible…
|
CWE-200
Information Exposure
|
CVE-2017-1000383
|
2024-11-21 12:04 |
2017-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258682
|
5.5 |
MEDIUM
Local
|
vim
|
vim
|
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways…
|
CWE-200
Information Exposure
|
CVE-2017-1000382
|
2024-11-21 12:04 |
2017-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258683
|
8.1 |
HIGH
Network
|
redhat
debian
|
libvirt
debian_linux
|
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000256
|
2024-11-21 12:04 |
2017-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258684
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *fro…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-1000255
|
2024-11-21 12:04 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258685
|
7.5 |
HIGH
Network
|
koji_project
|
koji
|
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
|
CWE-20
Improper Input Validation
|
CVE-2017-1002153
|
2024-11-21 12:04 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258686
|
7.5 |
HIGH
Network
|
haxx
|
libcurl
|
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory wi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000254
|
2024-11-21 12:04 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258687
|
8.8 |
HIGH
Network
|
frappe
|
frappe
|
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
|
CWE-89
SQL Injection
|
CVE-2017-1000120
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258688
|
7.2 |
HIGH
Network
|
octobercms
|
october
|
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-1000119
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258689
|
7.5 |
HIGH
Network
|
akka
|
http_server
|
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000118
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258690
|
8.8 |
HIGH
Network
|
git-scm
|
git
|
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc…
|
CWE-601
Open Redirect
|
CVE-2017-1000117
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
