|
250681
|
10.0 |
CRITICAL
Network
|
projectatomic
|
bubblewrap
|
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an a…
|
CWE-20
Improper Input Validation
|
CVE-2017-5226
|
2024-11-21 12:27 |
2017-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250682
|
7.5 |
HIGH
Network
|
eviewgps
|
ev-07s_gps_tracker_firmware
|
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying infor…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-5239
|
2024-11-21 12:27 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250683
|
5.3 |
MEDIUM
Network
|
eviewgps
|
ev-07s_gps_tracker_firmware
|
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5238
|
2024-11-21 12:27 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250684
|
7.5 |
HIGH
Network
|
eviewgps
|
ev-07s_gps_tracker_firmware
|
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
|
CWE-287
Improper Authentication
|
CVE-2017-5237
|
2024-11-21 12:27 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250685
|
7.8 |
HIGH
Local
|
fedoraproject
kde
|
fedora
ark
|
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
|
CWE-78
OS Command
|
CVE-2017-5330
|
2024-11-21 12:27 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250686
|
9.8 |
CRITICAL
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5511
|
2024-11-21 12:27 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250687
|
7.8 |
HIGH
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-5510
|
2024-11-21 12:27 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250688
|
7.8 |
HIGH
Local
|
imagemagick
|
imagemagick
|
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-5509
|
2024-11-21 12:27 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250689
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5508
|
2024-11-21 12:27 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250690
|
7.5 |
HIGH
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-5507
|
2024-11-21 12:27 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
