|
256831
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc…
|
CWE-362
Race Condition
|
CVE-2017-1000405
|
2024-11-21 12:04 |
2017-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256832
|
7.5 |
HIGH
Network
|
opendaylight
|
karaf
|
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
|
CWE-254
7PK - Security Features
|
CVE-2017-1000406
|
2024-11-21 12:04 |
2017-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256833
|
8.8 |
HIGH
Network
|
swagger
|
swagger-parser
swagger-codegen
|
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000207
|
2024-11-21 12:04 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256834
|
7.8 |
HIGH
Local
|
gnome
|
evince
|
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
|
CWE-78
OS Command
|
CVE-2017-1000159
|
2024-11-21 12:04 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256835
|
8.8 |
HIGH
Network
|
typed_function_project
|
typed_function
|
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
|
CWE-20
Improper Input Validation
|
CVE-2017-1001004
|
2024-11-21 12:04 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256836
|
9.8 |
CRITICAL
Network
|
mathjs_project
|
mathjs
|
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
|
CWE-20
Improper Input Validation
|
CVE-2017-1001003
|
2024-11-21 12:04 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256837
|
9.8 |
CRITICAL
Network
|
mathjs
|
math.js
|
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
|
CWE-94
Code Injection
|
CVE-2017-1001002
|
2024-11-21 12:04 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256838
|
9.8 |
CRITICAL
Network
|
gitphp_project
|
gitphp
|
GitPHP by xiphux is vulnerable to OS Command Injections
|
CWE-78
OS Command
|
CVE-2017-1000214
|
2024-11-21 12:04 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256839
|
6.5 |
MEDIUM
Network
|
apereo
|
opencast
|
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000221
|
2024-11-21 12:04 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256840
|
8.8 |
HIGH
Network
|
opencast
|
opencast
|
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
|
CWE-74
Injection
|
CVE-2017-1000217
|
2024-11-21 12:04 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
