| 250861 | 5.5 | MEDIUM Local | qemu debian canonical | qemu debian_linux ubuntu_linux | Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | CWE-190 Integer Overflow or Wraparound | CVE-2017-18043 | 2024-11-21 12:19 | 2018-02-1 |
| 250862 | 7.8 | HIGH Local | 7-zip debian | 7-zip p7zip debian_linux | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potential… | CWE-787 Out-of-bounds Write | CVE-2017-17969 | 2024-11-21 12:19 | 2018-01-31 |
| 250863 | 7.8 | HIGH Local | linux canonical | linux_kernel ubuntu_linux | drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact becau… | CWE-476 NULL Pointer Dereference | CVE-2017-18079 | 2024-11-21 12:19 | 2018-01-29 |
| 250864 | 7.8 | HIGH Local | systemd_project debian opensuse | systemd debian_linux leap | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass… | CWE-59 Link Following | CVE-2017-18078 | 2024-11-21 12:19 | 2018-01-29 |
| 250865 | 7.5 | HIGH Network | brace_expansion_project | brace_expansion | index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. | CWE-20 Improper Input Validation | CVE-2017-18077 | 2024-11-21 12:19 | 2018-01-27 |
| 250866 | 9.8 | CRITICAL Network | perfexcrm | perfex_crm | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-17976 | 2024-11-21 12:19 | 2018-01-27 |
| 250867 | 7.5 | HIGH Network | omniauth debian | omniauth debian_linux | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the enviro… | NVD-CWE-noinfo | CVE-2017-18076 | 2024-11-21 12:19 | 2018-01-27 |
| 250868 | 7.8 | HIGH Local | linux canonical | linux_kernel ubuntu_linux | crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_… | CWE-763 Release of Invalid Pointer or Reference | CVE-2017-18075 | 2024-11-21 12:19 | 2018-01-24 |
| 250869 | 4.4 | MEDIUM Local | qemu debian | qemu debian_linux | The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via ve… | CWE-125 Out-of-bounds Read | CVE-2017-18030 | 2024-11-21 12:19 | 2018-01-24 |
| 250870 | 9.8 | CRITICAL Network | fairsketch | rise_ultimate_project_manager | SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | CWE-89 SQL Injection | CVE-2017-17999 | 2024-11-21 12:19 | 2018-01-24 |