| 250461 | 7.8 | HIGH | Local | linux | linux_kernel | net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended acces… | CWE-862 Missing Authorization | CVE-2017-17448 | 2024-11-21 12:17 | 2017-12-7 |
| 250462 | 6.5 | MEDIUM | Network | game-music-emu_project | game-music-emu | The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a deni… | CWE-681 Incorrect Conversion between Numeric Types | CVE-2017-17446 | 2024-11-21 12:17 | 2017-12-7 |
| 250463 | 7.5 | HIGH | Network | auth0 | auth0.js | A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke servi… | CWE-200 Information Exposure | CVE-2017-17068 | 2024-11-21 12:17 | 2017-12-7 |
| 250464 | 8.8 | HIGH | Adjacent | vaulteksafe | vt20i_firmware | An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials adv… | CWE-326 Inadequate Encryption Strength | CVE-2017-17436 | 2024-11-21 12:17 | 2017-12-7 |
| 250465 | 8.8 | HIGH | Adjacent | vaulteksafe | vt20i_firmware | An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phon… | CWE-287 Improper Authentication | CVE-2017-17435 | 2024-11-21 12:17 | 2017-12-7 |
| 250466 | 6.5 | MEDIUM | Network | gnu | libextractor | GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, … | CWE-476 NULL Pointer Dereference | CVE-2017-17440 | 2024-11-21 12:17 | 2017-12-7 |
| 250467 | 7.5 | HIGH | Network | debian heimdal_project | debian_linux heimdal | In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditiona… | CWE-476 NULL Pointer Dereference | CVE-2017-17439 | 2024-11-21 12:17 | 2017-12-7 |
| 250468 | 4.7 | MEDIUM | Network | jenkins | jenkins | Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant… | CWE-79 Cross-site Scripting | CVE-2017-17383 | 2024-11-21 12:17 | 2017-12-6 |
| 250469 | 7.8 | HIGH | Local | amazon | audible | ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already creat… | CWE-426 Untrusted Search Path | CVE-2017-17069 | 2024-11-21 12:17 | 2017-12-6 |
| 250470 | 9.8 | CRITICAL | Network | samba debian | rsync debian_linux | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also … | NVD-CWE-noinfo | CVE-2017-17434 | 2024-11-21 12:17 | 2017-12-6 |