|
253841
|
8.8 |
HIGH
Adjacent
|
broadcom
|
hardmac_wi-fi_soc_firmware
|
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6956
|
2024-11-21 12:30 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253842
|
5.5 |
MEDIUM
Local
|
apple
|
mac_os_x
|
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows att…
|
CWE-20
Improper Input Validation
|
CVE-2017-6974
|
2024-11-21 12:30 |
2017-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253843
|
4.8 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. Thi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6973
|
2024-11-21 12:30 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253844
|
5.4 |
MEDIUM
Network
|
siemens
|
ruggedcom_rox_i
|
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6864
|
2024-11-21 12:30 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253845
|
7.8 |
HIGH
Local
|
canonical
debian
|
ubuntu_linux
debian_linux
|
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute cod…
|
CWE-252
Unchecked Return Value
|
CVE-2017-6964
|
2024-11-21 12:30 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253846
|
5.4 |
MEDIUM
Network
|
metinfo
|
metinfo
|
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6878
|
2024-11-21 12:30 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253847
|
8.1 |
HIGH
Network
|
broadcom
|
bcm4339_soc_firmware
|
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6957
|
2024-11-21 12:30 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253848
|
9.8 |
CRITICAL
Network
|
sap
|
gui_for_windows
|
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-6950
|
2024-11-21 12:30 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253849
|
6.6 |
MEDIUM
Physics
|
usb_pratirodh_project
|
usb_pratirodh
|
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2017-6911
|
2024-11-21 12:30 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253850
|
9.8 |
CRITICAL
Network
|
usb_pratirodh_project
|
usb_pratirodh
|
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.
|
CWE-611
XXE
|
CVE-2017-6895
|
2024-11-21 12:30 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
