|
252551
|
3.3 |
LOW
Local
|
leptonica
|
leptonica
|
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrict…
|
CWE-22
Path Traversal
|
CVE-2017-18196
|
2024-11-21 12:19 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252552
|
9.8 |
CRITICAL
Network
|
hamayeshnegar
|
hamayeshnegar_cms
|
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18194
|
2024-11-21 12:19 |
2018-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252553
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-18193
|
2024-11-21 12:19 |
2018-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252554
|
7.5 |
HIGH
Network
|
photo\
video_locker-calculator_project
|
photo\
video_locker-calculator
|
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
|
CWE-200
Information Exposure
|
CVE-2017-18192
|
2024-11-21 12:19 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252555
|
7.5 |
HIGH
Network
|
openstack
redhat
|
nova
openstack
|
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt t…
|
NVD-CWE-noinfo
|
CVE-2017-18191
|
2024-11-21 12:19 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252556
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
|
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to …
|
CWE-863
Incorrect Authorization
|
CVE-2017-18095
|
2024-11-21 12:19 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252557
|
4.8 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inj…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18093
|
2024-11-21 12:19 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252558
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
|
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site sc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18092
|
2024-11-21 12:19 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252559
|
4.8 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2017-18091
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252560
|
6.1 |
MEDIUM
Network
|
atlassian
|
fisheye
|
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18090
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
