|
247751
|
8.8 |
HIGH
Network
|
nuxeo
|
nuxeo
|
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in …
|
CWE-22
Path Traversal
|
CVE-2017-5869
|
2024-11-21 12:28 |
2017-03-24 |
|
247752
|
5.5 |
MEDIUM
Local
|
apache
|
poi
|
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
|
CWE-776
XML Entity Expansion
|
CVE-2017-5644
|
2024-11-21 12:28 |
2017-03-24 |
|
247753
|
9.8 |
CRITICAL
Network
|
linux canonical debian
|
linux_kernel ubuntu_linux debian_linux
|
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5897
|
2024-11-21 12:28 |
2017-03-24 |
|
247754
|
6.1 |
MEDIUM
Network
|
kunena
|
kunena
|
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5673
|
2024-11-21 12:28 |
2017-03-23 |
|
247755
|
8.8 |
HIGH
Network
|
d-link
|
dir-600m_firmware
|
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
|
CWE-352
Origin Validation Error
|
CVE-2017-5874
|
2024-11-21 12:28 |
2017-03-22 |
|
247756
|
5.5 |
MEDIUM
Local
|
qemu debian
|
qemu debian_linux
|
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-5987
|
2024-11-21 12:28 |
2017-03-21 |
|
247757
|
5.5 |
MEDIUM
Local
|
virglrenderer_project
|
virglrenderer
|
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_bu…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5956
|
2024-11-21 12:28 |
2017-03-21 |
|
247758
|
2.7 |
LOW
Network
|
opensuse postfixadmin_project
|
leap postfixadmin
|
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch…
|
CWE-862
Missing Authorization
|
CVE-2017-5930
|
2024-11-21 12:28 |
2017-03-21 |
|
247759
|
7.8 |
HIGH
Local
|
gnu
|
screen
|
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
|
CWE-863
Incorrect Authorization
|
CVE-2017-5618
|
2024-11-21 12:28 |
2017-03-21 |
|
247760
|
6.6 |
MEDIUM
Physical
|
oneplus
|
oxygenos
|
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' i…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5623
|
2024-11-21 12:28 |
2017-03-20 |