|
258541
|
7.8 |
HIGH
Local
|
apache
|
james_server
|
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX soc…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-12628
|
2024-11-21 12:09 |
2017-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258542
|
7.8 |
HIGH
Local
|
hashicorp
|
vagrant_vmware_fusion
|
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-12579
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258543
|
8.8 |
HIGH
Network
|
cisco
|
spa300_firmware
spa500_firmware
|
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cr…
|
CWE-352
Origin Validation Error
|
CVE-2017-12271
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258544
|
6.7 |
MEDIUM
Local
|
cisco
|
nx-os
|
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying opera…
|
CWE-20
Improper Input Validation
|
CVE-2017-12301
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258545
|
6.1 |
MEDIUM
Network
|
cisco
|
webex_meeting_center
|
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12298
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258546
|
6.1 |
MEDIUM
Network
|
cisco
|
webex_meetings_server
|
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability …
|
CWE-79
Cross-site Scripting
|
CVE-2017-12296
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258547
|
8.6 |
HIGH
Network
|
cisco
|
webex_meetings_server
|
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on th…
|
CWE-119
CWE-400
Incorrect Access of Indexable Resource ('Range Error')
Uncontrolled Resource Consumption
|
CVE-2017-12293
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258548
|
4.4 |
MEDIUM
Local
|
cisco
|
ios
|
A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system …
|
CWE-200
Information Exposure
|
CVE-2017-12289
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258549
|
6.1 |
MEDIUM
Network
|
cisco
|
finesse
|
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a …
|
CWE-79
Cross-site Scripting
|
CVE-2017-12288
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258550
|
4.3 |
MEDIUM
Network
|
cisco
|
expressway
telepresence_video_communication_server
telepresence_conductor
|
A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, r…
|
CWE-20
Improper Input Validation
|
CVE-2017-12287
|
2024-11-21 12:09 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
