|
250121
|
9.8 |
CRITICAL
Network
|
apple
|
safari
|
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possib…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-5949
|
2024-11-21 12:28 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250122
|
7.5 |
HIGH
Network
|
virustotal
|
yara
|
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
|
CWE-416
Use After Free
|
CVE-2017-5924
|
2024-11-21 12:28 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250123
|
7.5 |
HIGH
Network
|
virustotal
|
yara
|
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse fu…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5923
|
2024-11-21 12:28 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250124
|
5.4 |
MEDIUM
Network
|
netcomm
|
nb16wv-02_firmware
|
Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5900
|
2024-11-21 12:28 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250125
|
8.8 |
HIGH
Local
|
honeywell
|
intermec_pc23_firmware
intermec_pc42_firmware
intermec_pc43_firmware
intermec_pd43_firmware
intermec_pm23_firmware
intermec_pm42_firmware
intermec_pm43_firmware
|
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5671
|
2024-11-21 12:28 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250126
|
5.5 |
MEDIUM
Local
|
qemu
debian
redhat
|
qemu
debian_linux
openstack
virtualization
|
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors r…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-5973
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250127
|
7.8 |
HIGH
Local
|
gnu
|
bash
|
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
|
CWE-20
Improper Input Validation
|
CVE-2017-5932
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250128
|
8.8 |
HIGH
Local
|
qemu
|
qemu
|
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5931
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250129
|
7.0 |
HIGH
Local
|
s-nail_project
|
s-nail
|
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
|
CWE-22
CWE-362
Path Traversal
Race Condition
|
CVE-2017-5899
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250130
|
7.5 |
HIGH
Network
|
openbsd
|
openbsd
|
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-5850
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
