|
254941
|
6.5 |
MEDIUM
Network
|
gridgain
|
gridgain
|
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary…
|
CWE-22
Path Traversal
|
CVE-2017-14614
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254942
|
7.5 |
HIGH
Network
|
digium
|
asterisk
certified_asterisk
|
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allo…
|
CWE-200
Information Exposure
|
CVE-2017-14603
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254943
|
5.4 |
MEDIUM
Network
|
identicard
|
two-reader_controller_configuration_manager
|
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user pag…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14973
|
2024-11-21 12:13 |
2017-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254944
|
7.5 |
HIGH
Network
|
infocus
|
mondopad
|
InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file.
|
CWE-287
Improper Authentication
|
CVE-2017-14972
|
2024-11-21 12:13 |
2017-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254945
|
5.5 |
MEDIUM
Local
|
infocuscorp
|
infocus_mondopad
|
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated w…
|
CWE-200
Information Exposure
|
CVE-2017-14971
|
2024-11-21 12:13 |
2017-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254946
|
5.5 |
MEDIUM
Local
|
lame_project
|
lame
|
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15045
|
2024-11-21 12:13 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254947
|
5.9 |
MEDIUM
Network
|
golang
|
go
|
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. T…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-15042
|
2024-11-21 12:13 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254948
|
9.8 |
CRITICAL
Network
|
golang
debian
redhat
|
go
debian_linux
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_eus
enterprise_linux_tus
developer_tools
|
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but …
|
NVD-CWE-noinfo
|
CVE-2017-15041
|
2024-11-21 12:13 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254949
|
8.1 |
HIGH
Network
|
freebsd
|
freebsd
|
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' cha…
|
CWE-362
CWE-125
Race Condition
Out-of-bounds Read
|
CVE-2017-15037
|
2024-11-21 12:13 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254950
|
7.5 |
HIGH
Network
|
emtec
|
pyrobatchftp
|
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15035
|
2024-11-21 12:13 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
