|
249961
|
7.5 |
HIGH
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the enti…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-17847
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249962
|
7.5 |
HIGH
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
|
CWE-20
Improper Input Validation
|
CVE-2017-17846
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249963
|
7.3 |
HIGH
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-17845
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249964
|
6.5 |
MEDIUM
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relyin…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-17844
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249965
|
5.9 |
MEDIUM
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of…
|
NVD-CWE-noinfo
|
CVE-2017-17843
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249966
|
7.8 |
HIGH
Local
|
open-iscsi_project
|
open-iscsi
|
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to la…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17840
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249967
|
5.4 |
MEDIUM
Network
|
serverscheck
|
monitoring_software
|
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, …
|
CWE-79
Cross-site Scripting
|
CVE-2017-17832
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249968
|
7.5 |
HIGH
Network
|
samsung
|
internet_browser
|
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the …
|
CWE-200
Information Exposure
|
CVE-2017-17692
|
2024-11-21 12:18 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249969
|
8.8 |
HIGH
Network
|
git_large_file_storage_project
|
git_large_file_storage
|
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within …
|
CWE-20
Improper Input Validation
|
CVE-2017-17831
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249970
|
6.8 |
MEDIUM
Network
|
doditsolutions
|
bus_booking_script
|
Bus Booking Script has CSRF via admin/new_master.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-17830
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
