|
252541
|
8.8 |
HIGH
Network
|
newsbeuter
|
newsbeuter
|
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code exe…
|
CWE-78
OS Command
|
CVE-2017-14500
|
2024-11-21 12:12 |
2017-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252542
|
6.1 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pag…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14498
|
2024-11-21 12:12 |
2017-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252543
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14497
|
2024-11-21 12:12 |
2017-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252544
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14340
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252545
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
|
CWE-20
Improper Input Validation
|
CVE-2017-14489
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252546
|
7.3 |
HIGH
Local
|
gentoo
|
sci-mathematics-gimps
|
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because a…
|
CWE-269
Improper Privilege Management
|
CVE-2017-14484
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252547
|
5.5 |
MEDIUM
Local
|
gentoo
|
dev-python-flower
|
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leve…
|
CWE-362
Race Condition
|
CVE-2017-14483
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252548
|
8.8 |
HIGH
Network
|
gnu
debian
|
emacs
debian_linux
|
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell…
|
NVD-CWE-noinfo
|
CVE-2017-14482
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252549
|
5.5 |
MEDIUM
Local
|
xen
|
xen
|
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no …
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-14431
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252550
|
7.5 |
HIGH
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via craft…
|
CWE-20
Improper Input Validation
|
CVE-2017-14430
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
