|
253921
|
9.8 |
CRITICAL
Network
|
konakart
|
konakart
|
Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted J…
|
CWE-22
Path Traversal
|
CVE-2017-17108
|
2024-11-21 12:17 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253922
|
9.8 |
CRITICAL
Network
|
atlassian
|
fisheye
crucible
|
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or …
|
NVD-CWE-noinfo
|
CVE-2017-16861
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253923
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16914
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253924
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16913
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253925
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a special…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16912
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253926
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is atta…
|
CWE-200
Information Exposure
|
CVE-2017-16911
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253927
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16945
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253928
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/bl…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16928
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253929
|
6.8 |
MEDIUM
Network
|
atlassian
|
crowd
|
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST reque…
|
CWE-287
Improper Authentication
|
CVE-2017-16858
|
2024-11-21 12:17 |
2018-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253930
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit t…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2017-17407
|
2024-11-21 12:17 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
