|
254841
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16913
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254842
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a special…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16912
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254843
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is atta…
|
CWE-200
Information Exposure
|
CVE-2017-16911
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254844
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16945
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254845
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/bl…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16928
|
2024-11-21 12:17 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254846
|
6.8 |
MEDIUM
Network
|
atlassian
|
crowd
|
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST reque…
|
CWE-287
Improper Authentication
|
CVE-2017-16858
|
2024-11-21 12:17 |
2018-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254847
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit t…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2017-17407
|
2024-11-21 12:17 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254848
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The speci…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-17406
|
2024-11-21 12:17 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254849
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
|
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16863
|
2024-11-21 12:17 |
2018-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254850
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
|
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an env…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16865
|
2024-11-21 12:17 |
2018-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
