| 254701 | 7.8 | HIGH Local | apport_project canonical | apport ubuntu_linux | Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial … | CWE-400 Uncontrolled Resource Consumption | CVE-2017-14180 | 2024-11-21 12:12 | 2018-02-2 |
| 254702 | 7.8 | HIGH Local | apport_project canonical | apport ubuntu_linux | Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of servi… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-14179 | 2024-11-21 12:12 | 2018-02-2 |
| 254703 | 7.5 | HIGH Network | snapcraft | snapd | In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's acce… | CWE-755 Improper Handling of Exceptional Conditions | CVE-2017-14178 | 2024-11-21 12:12 | 2018-02-2 |
| 254704 | 7.8 | HIGH Local | apport_project canonical | apport ubuntu_linux | Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-14177 | 2024-11-21 12:12 | 2018-02-2 |
| 254705 | 6.1 | MEDIUM Network | fortinet | fortios | A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header … | CWE-79 Cross-site Scripting | CVE-2017-14190 | 2024-11-21 12:12 | 2018-01-30 |
| 254706 | 7.5 | HIGH Network | wondercms | wondercms | WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can onl… | CWE-74 Injection | CVE-2017-14523 | 2024-11-21 12:12 | 2018-01-27 |
| 254707 | 6.1 | MEDIUM Network | wondercms | wondercms | In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that… | CWE-79 Cross-site Scripting | CVE-2017-14522 | 2024-11-21 12:12 | 2018-01-27 |
| 254708 | 8.8 | HIGH Network | wondercms | wondercms | In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-14521 | 2024-11-21 12:12 | 2018-01-27 |
| 254709 | 7.5 | HIGH Network | parity | ethereum_client | An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can tri… | NVD-CWE-noinfo | CVE-2017-14460 | 2024-11-21 12:12 | 2018-01-20 |
| 254710 | 8.2 | HIGH Network | ethereum | ethereum_virtual_machine | An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can c… | CWE-125 Out-of-bounds Read | CVE-2017-14457 | 2024-11-21 12:12 | 2018-01-20 |