Daniel Jiang

2 exploits Active since Apr 2017
CVE-2019-16097 WRITEUP MEDIUM WRITEUP
Harbor 1.7.0-1.8.2 - Privilege Escalation
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
CVSS 6.5
CVE-2017-2671 EXPLOITDB MEDIUM c WORKING POC
Linux Kernel < 4.10.8 - Denial of Service via ICMP Socket Protocol Value
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVSS 5.5