|
251591
|
7.5 |
HIGH
Network
|
auth0
|
auth0.js
|
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke servi…
|
CWE-200
Information Exposure
|
CVE-2017-17068
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251592
|
8.8 |
HIGH
Adjacent
|
vaulteksafe
|
vt20i_firmware
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials adv…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-17436
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251593
|
8.8 |
HIGH
Adjacent
|
vaulteksafe
|
vt20i_firmware
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phon…
|
CWE-287
Improper Authentication
|
CVE-2017-17435
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251594
|
6.5 |
MEDIUM
Network
|
gnu
|
libextractor
|
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17440
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251595
|
7.5 |
HIGH
Network
|
debian
heimdal_project
|
debian_linux
heimdal
|
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditiona…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17439
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251596
|
4.7 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17383
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251597
|
7.8 |
HIGH
Local
|
amazon
|
audible
|
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already creat…
|
CWE-426
Untrusted Search Path
|
CVE-2017-17069
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251598
|
9.8 |
CRITICAL
Network
|
samba
debian
|
rsync
debian_linux
|
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also …
|
NVD-CWE-noinfo
|
CVE-2017-17434
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251599
|
3.7 |
LOW
Network
|
debian
samba
|
debian_linux
rsync
|
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_f…
|
CWE-862
Missing Authorization
|
CVE-2017-17433
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251600
|
7.5 |
HIGH
Network
|
openafs
debian
|
openafs
debian_linux
|
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated…
|
CWE-617
Reachable Assertion
|
CVE-2017-17432
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
