|
249711
|
9.8 |
CRITICAL
Network
|
acme
|
thttpd
mini_httpd
|
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17663
|
2024-11-21 12:18 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249712
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17703
|
2024-11-21 12:18 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249713
|
7.8 |
HIGH
Local
|
artifex
|
mupdf
|
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because x…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17858
|
2024-11-21 12:18 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249714
|
5.7 |
MEDIUM
Adjacent
|
google
|
android
|
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Blueto…
|
CWE-20
Improper Input Validation
|
CVE-2017-17860
|
2024-11-21 12:18 |
2018-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249715
|
5.9 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to de…
|
NVD-CWE-noinfo
|
CVE-2017-17841
|
2024-11-21 12:18 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249716
|
7.5 |
HIGH
Network
|
yawcam
|
yawcam
|
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed …
|
CWE-22
Path Traversal
|
CVE-2017-17662
|
2024-11-21 12:18 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249717
|
9.8 |
CRITICAL
Network
|
fasterxml
debian
redhat
netapp
|
jackson-databind
debian_linux
jboss_enterprise_application_platform
openshift_container_platform
snapcenter
e-series_santricity_web_services_proxy
e-series_santricity_os_controller<…
|
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploit…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-17485
|
2024-11-21 12:18 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249718
|
8.8 |
HIGH
Network
|
intenogroup
|
iopsys
|
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary progra…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-17867
|
2024-11-21 12:18 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249719
|
6.1 |
MEDIUM
Network
|
apache
|
deltaspike
|
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limit…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17837
|
2024-11-21 12:18 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249720
|
7.4 |
HIGH
Network
|
swhouse
|
istar_ultra_firmware
|
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM an…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-17704
|
2024-11-21 12:18 |
2017-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
