|
258551
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
|
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site sc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18092
|
2024-11-21 12:19 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258552
|
4.8 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2017-18091
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258553
|
6.1 |
MEDIUM
Network
|
atlassian
|
fisheye
|
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18090
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258554
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
|
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18089
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258555
|
7.5 |
HIGH
Network
|
apple
debian
canonical
|
cups
debian_linux
ubuntu_linux
|
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemo…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-18190
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258556
|
7.5 |
HIGH
Network
|
sound_exchange_project
debian
|
sound_exchange
debian_linux
|
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allo…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-18189
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258557
|
4.3 |
MEDIUM
Network
|
atlassian
|
bitbucket
|
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 be…
|
CWE-20
Improper Input Validation
|
CVE-2017-18088
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258558
|
7.5 |
HIGH
Network
|
atlassian
|
bitbucket
|
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5…
|
NVD-CWE-noinfo
|
CVE-2017-18087
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258559
|
5.5 |
MEDIUM
Local
|
openr
|
opentmpfiles
|
OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which …
|
CWE-59
Link Following
|
CVE-2017-18188
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258560
|
9.8 |
CRITICAL
Network
|
arm
debian
|
mbed_tls
debian_linux
|
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-18187
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
