|
250191
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trig…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2017-7294
|
2024-11-21 12:31 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250192
|
8.8 |
HIGH
Network
|
suse
|
rancher
|
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/serve…
|
NVD-CWE-noinfo
|
CVE-2017-7297
|
2024-11-21 12:31 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250193
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data str…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7277
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250194
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOT…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7275
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250195
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7274
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250196
|
6.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possib…
|
NVD-CWE-Other
|
CVE-2017-7273
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250197
|
7.4 |
HIGH
Network
|
php
|
php
|
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is r…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-7272
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250198
|
6.1 |
MEDIUM
Network
|
yii_software
|
yii
|
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request da…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7271
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250199
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
|
CWE-416
Use After Free
|
CVE-2017-7191
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250200
|
7.5 |
HIGH
Network
|
extraputty
|
extraputty
|
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
|
CWE-20
Improper Input Validation
|
CVE-2017-7183
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
