|
265911
|
7.8 |
HIGH
Local
|
nylas_mail_lives_project
|
nylas_mail
|
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000485
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265912
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his ow…
|
CWE-601
Open Redirect
|
CVE-2017-1000484
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265913
|
7.8 |
HIGH
Local
|
linux-dash_project
|
linux-dash
|
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as …
|
CWE-78
OS Command
|
CVE-2017-1000473
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265914
|
6.5 |
MEDIUM
Network
|
pocoproject
debian
|
poco
debian_linux
|
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct abso…
|
CWE-22
Path Traversal
|
CVE-2017-1000472
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265915
|
9.8 |
CRITICAL
Network
|
embedthis
|
goahead
|
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000471
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265916
|
7.5 |
HIGH
Network
|
embedthis
|
goahead_web_server
|
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-1000470
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265917
|
9.8 |
CRITICAL
Network
|
cobbler_project
|
cobbler
|
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
|
CWE-20
Improper Input Validation
|
CVE-2017-1000469
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265918
|
5.4 |
MEDIUM
Network
|
bookstackapp
|
bookstack
|
BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000462
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265919
|
4.7 |
MEDIUM
Network
|
brave
|
browser
|
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000461
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265920
|
6.5 |
MEDIUM
Network
|
libav
ffmpeg
google
|
libav
ffmpeg
chrome
|
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized g…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000460
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
