Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-31
Updated
2023-02-14
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.
Max CVSS
6.1
EPSS Score
0.10%
Published
2017-03-31
Updated
2021-03-29
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
Max CVSS
6.1
EPSS Score
0.10%
Published
2017-03-31
Updated
2021-03-29
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
Max CVSS
6.1
EPSS Score
0.10%
Published
2017-03-31
Updated
2021-03-29
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
Max CVSS
6.1
EPSS Score
0.10%
Published
2017-03-31
Updated
2021-03-29
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-03-31
Updated
2021-03-29
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-30
Updated
2017-11-04
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
Max CVSS
9.8
EPSS Score
2.43%
Published
2017-03-30
Updated
2020-01-10
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism.
Max CVSS
8.1
EPSS Score
0.25%
Published
2017-03-30
Updated
2020-01-10
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.
Max CVSS
8.1
EPSS Score
0.21%
Published
2017-03-30
Updated
2020-01-10
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Max CVSS
9.8
EPSS Score
2.43%
Published
2017-03-30
Updated
2020-01-10
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.
Max CVSS
6.1
EPSS Score
0.17%
Published
2017-03-30
Updated
2020-01-10
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
Max CVSS
9.8
EPSS Score
2.26%
Published
2017-03-30
Updated
2019-10-03

CVE-2017-7310

Public exploit
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Max CVSS
7.8
EPSS Score
93.38%
Published
2017-03-29
Updated
2018-03-08
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
Max CVSS
4.8
EPSS Score
5.29%
Published
2017-03-31
Updated
2017-07-12

CVE-2017-7308

Public exploit
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
Max CVSS
7.8
EPSS Score
0.09%
Published
2017-03-29
Updated
2023-02-14
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
Max CVSS
7.5
EPSS Score
0.08%
Published
2017-03-29
Updated
2017-03-31
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
Max CVSS
7.5
EPSS Score
0.08%
Published
2017-03-29
Updated
2017-03-31
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.
Max CVSS
7.5
EPSS Score
0.08%
Published
2017-03-29
Updated
2017-03-31
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
Max CVSS
7.5
EPSS Score
0.08%
Published
2017-03-29
Updated
2017-03-31
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
Max CVSS
7.5
EPSS Score
0.08%
Published
2017-03-29
Updated
2017-03-31
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-03-29
Updated
2017-03-31
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-03-29
Updated
2018-05-18
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-03-29
Updated
2022-04-13
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-29
Updated
2023-02-10
1286 vulnerabilities found