|
250321
|
5.9 |
MEDIUM
Network
|
yaxim
|
bruno yaxim
|
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…
|
CWE-20 CWE-346
Improper Input Validation Origin Validation Error
|
CVE-2017-5589
|
2024-11-21 12:27 |
2017-02-10 |
|
250322
|
8.8 |
HIGH
Local
|
firejail_project
|
firejail
|
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users …
|
CWE-862
Missing Authorization
|
CVE-2017-5180
|
2024-11-21 12:27 |
2017-02-10 |
|
250323
|
5.5 |
MEDIUM
Local
|
zoneminder
|
zoneminder
|
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated…
|
CWE-200
Information Exposure
|
CVE-2017-5595
|
2024-11-21 12:27 |
2017-02-7 |
|
250324
|
8.8 |
HIGH
Network
|
zoneminder
|
zoneminder
|
ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the c…
|
CWE-352
Origin Validation Error
|
CVE-2017-5368
|
2024-11-21 12:27 |
2017-02-7 |
|
250325
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5367
|
2024-11-21 12:27 |
2017-02-7 |
|
250326
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local…
|
CWE-388
7PK - Errors
|
CVE-2017-5577
|
2024-11-21 12:27 |
2017-02-6 |
|
250327
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5576
|
2024-11-21 12:27 |
2017-02-6 |
|
250328
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri…
|
NVD-CWE-noinfo
|
CVE-2017-5551
|
2024-11-21 12:27 |
2017-02-6 |
|
250329
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu…
|
CWE-200
Information Exposure
|
CVE-2017-5550
|
2024-11-21 12:27 |
2017-02-6 |
|
250330
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5549
|
2024-11-21 12:27 |
2017-02-6 |
|