|
199481
|
5.4 |
MEDIUM
Network
|
passbolt
|
passbolt_api
|
Passbolt API versions 1.6.4 and older are vulnerable to an XSS in the URL field on the password workspace.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000442
|
2024-11-21 12:04 |
2018-01-2 |
|
199482
|
5.9 |
MEDIUM
Network
|
erlang debian
|
erlang/otp debian_linux
|
The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's priv…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2017-1000385
|
2024-11-21 12:04 |
2017-12-13 |
|
199483
|
7.4 |
HIGH
Adjacent
|
redhat linux debian canonical
|
enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host enterprise_linux_server_tus enterprise_linux_server_eus enterprise_linux_server_aus…
|
The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2017-1000407
|
2024-11-21 12:04 |
2017-12-12 |
|
199484
|
7.5 |
HIGH
Network
|
linux debian redhat
|
linux_kernel debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus virtualization_host enterprise_linux_server_tu…
|
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands: ConfigRequest and ConfigResponse messages. This info leak is a result of…
|
CWE-200
Information Exposure
|
CVE-2017-1000410
|
2024-11-21 12:04 |
2017-12-8 |
|
199485
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc…
|
CWE-362
Race Condition
|
CVE-2017-1000405
|
2024-11-21 12:04 |
2017-12-1 |
|
199486
|
7.5 |
HIGH
Network
|
opendaylight
|
karaf
|
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
|
CWE-254
7PK - Security Features
|
CVE-2017-1000406
|
2024-11-21 12:04 |
2017-12-1 |
|
199487
|
8.8 |
HIGH
Network
|
swagger
|
swagger-parser swagger-codegen
|
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000207
|
2024-11-21 12:04 |
2017-11-28 |
|
199488
|
7.8 |
HIGH
Local
|
gnome
|
evince
|
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
|
CWE-78
OS Command
|
CVE-2017-1000159
|
2024-11-21 12:04 |
2017-11-28 |
|
199489
|
8.8 |
HIGH
Network
|
typed_function_project
|
typed_function
|
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution.
|
CWE-20
Improper Input Validation
|
CVE-2017-1001004
|
2024-11-21 12:04 |
2017-11-27 |
|
199490
|
9.8 |
CRITICAL
Network
|
mathjs_project
|
mathjs
|
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using Unicode characters when creating an object.
|
CWE-20
Improper Input Validation
|
CVE-2017-1001003
|
2024-11-21 12:04 |
2017-11-27 |
|