|
247741
|
8.8 |
HIGH
Local
|
honeywell
|
intermec_pc23_firmware
intermec_pc42_firmware
intermec_pc43_firmware
intermec_pd43_firmware
intermec_pm23_firmware
intermec_pm42_firmware
intermec_pm43_firmware
|
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5671
|
2024-11-21 12:28 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247742
|
5.5 |
MEDIUM
Local
|
qemu
debian
redhat
|
qemu
debian_linux
openstack
virtualization
|
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors r…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-5973
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247743
|
7.8 |
HIGH
Local
|
gnu
|
bash
|
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
|
CWE-20
Improper Input Validation
|
CVE-2017-5932
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247744
|
8.8 |
HIGH
Local
|
qemu
|
qemu
|
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5931
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247745
|
7.0 |
HIGH
Local
|
s-nail_project
|
s-nail
|
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
|
CWE-22
CWE-362
Path Traversal
Race Condition
|
CVE-2017-5899
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247746
|
7.5 |
HIGH
Network
|
openbsd
|
openbsd
|
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-5850
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247747
|
9.8 |
CRITICAL
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6013
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247748
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6003
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247749
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6002
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247750
|
5.9 |
MEDIUM
Physics
|
oneplus
|
oxygenos
|
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open …
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-5622
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
