|
254101
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5367
|
2024-11-21 12:27 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254102
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local…
|
CWE-388
7PK - Errors
|
CVE-2017-5577
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254103
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5576
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254104
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri…
|
NVD-CWE-noinfo
|
CVE-2017-5551
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254105
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu…
|
CWE-200
Information Exposure
|
CVE-2017-5550
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254106
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5549
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254107
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5548
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254108
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5547
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254109
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possi…
|
NVD-CWE-noinfo
|
CVE-2017-5546
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254110
|
6.2 |
MEDIUM
Local
|
sendquick
|
entera_sms_gateway_firmware
avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5137
|
2024-11-21 12:27 |
2017-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
