|
258771
|
5.9 |
MEDIUM
Network
|
nixos_project
|
nixos
|
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-11501
|
2024-11-21 12:07 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258772
|
7.5 |
HIGH
Network
|
docker
redhat
|
docker_registry
enterprise_linux_server
|
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumpti…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-11468
|
2024-11-21 12:07 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258773
|
7.5 |
HIGH
Network
|
metinfo
|
metinfo
|
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
|
CWE-22
Path Traversal
|
CVE-2017-11500
|
2024-11-21 12:07 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258774
|
9.8 |
CRITICAL
Network
|
phicomm
|
k2\(psg1218\)-firmware
|
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated acc…
|
CWE-20
Improper Input Validation
|
CVE-2017-11495
|
2024-11-21 12:07 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258775
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ma…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11478
|
2024-11-21 12:07 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258776
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
|
CWE-89
SQL Injection
|
CVE-2017-11475
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258777
|
9.8 |
CRITICAL
Network
|
glpi-project
|
glpi
|
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
|
CWE-89
SQL Injection
|
CVE-2017-11474
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258778
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-11473
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258779
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain s…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2017-11472
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258780
|
9.8 |
CRITICAL
Network
|
idera
|
uptime_infrastructure_monitor
|
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11471
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
