|
250991
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5549
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250992
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5548
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250993
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5547
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250994
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possi…
|
NVD-CWE-noinfo
|
CVE-2017-5546
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250995
|
6.2 |
MEDIUM
Local
|
sendquick
|
entera_sms_gateway_firmware
avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5137
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250996
|
7.5 |
HIGH
Network
|
sendquick
|
entera_sms_gateway_firmware
avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown …
|
CWE-862
Missing Authorization
|
CVE-2017-5136
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250997
|
9.8 |
CRITICAL
Network
|
netapp
|
oncommand_insight
|
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-5600
|
2024-11-21 12:27 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250998
|
9.8 |
CRITICAL
Network
|
sagecrm
|
sagecrm
|
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided funct…
|
CWE-22
Path Traversal
|
CVE-2017-5219
|
2024-11-21 12:27 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250999
|
8.8 |
HIGH
Network
|
sagecrm
|
sagecrm
|
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to …
|
CWE-89
SQL Injection
|
CVE-2017-5218
|
2024-11-21 12:27 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251000
|
4.9 |
MEDIUM
Network
|
citrix
|
xenserver
|
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
|
NVD-CWE-noinfo
|
CVE-2017-5573
|
2024-11-21 12:27 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
