|
252601
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact becau…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-18079
|
2024-11-21 12:19 |
2018-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252602
|
7.8 |
HIGH
Local
|
systemd_project
debian
opensuse
|
systemd
debian_linux
leap
|
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass…
|
CWE-59
Link Following
|
CVE-2017-18078
|
2024-11-21 12:19 |
2018-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252603
|
7.5 |
HIGH
Network
|
brace_expansion_project
|
brace_expansion
|
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
|
CWE-20
Improper Input Validation
|
CVE-2017-18077
|
2024-11-21 12:19 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252604
|
9.8 |
CRITICAL
Network
|
perfexcrm
|
perfex_crm
|
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-17976
|
2024-11-21 12:19 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252605
|
7.5 |
HIGH
Network
|
omniauth
debian
|
omniauth
debian_linux
|
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the enviro…
|
NVD-CWE-noinfo
|
CVE-2017-18076
|
2024-11-21 12:19 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252606
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2017-18075
|
2024-11-21 12:19 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252607
|
4.4 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via ve…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18030
|
2024-11-21 12:19 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252608
|
9.8 |
CRITICAL
Network
|
fairsketch
|
rise_ultimate_project_manager
|
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/.
|
CWE-89
SQL Injection
|
CVE-2017-17999
|
2024-11-21 12:19 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252609
|
5.5 |
MEDIUM
Local
|
silverstripe
|
silverstripe
|
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without…
|
CWE-74
Injection
|
CVE-2017-18049
|
2024-11-21 12:19 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252610
|
8.8 |
HIGH
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-18048
|
2024-11-21 12:19 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
