|
263871
|
7.1 |
HIGH
Local
|
cisco
|
asyncos
|
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to …
|
CWE-20
Improper Input Validation
|
CVE-2017-12215
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263872
|
8.8 |
HIGH
Network
|
cisco
|
unified_customer_voice_portal
|
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remo…
|
CWE-20
Improper Input Validation
|
CVE-2017-12214
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263873
|
9.8 |
CRITICAL
Network
|
apache
|
struts
|
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
|
CWE-20
Improper Input Validation
|
CVE-2017-12611
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263874
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext usin…
|
CWE-200
Information Exposure
|
CVE-2017-12616
|
2024-11-21 12:09 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263875
|
9.1 |
CRITICAL
Network
|
cisco
|
meeting_server
|
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-12249
|
2024-11-21 12:09 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263876
|
7.8 |
HIGH
Local
|
apache
|
spark
|
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentiall…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-12612
|
2024-11-21 12:09 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263877
|
5.4 |
MEDIUM
Network
|
cisco
|
emergency_responder
|
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failur…
|
CWE-89
SQL Injection
|
CVE-2017-12227
|
2024-11-21 12:09 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263878
|
6.5 |
MEDIUM
Network
|
cisco
|
prime_lan_management_solution
|
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixati…
|
CWE-384
Session Fixation
|
CVE-2017-12225
|
2024-11-21 12:09 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263879
|
6.5 |
MEDIUM
Network
|
cisco
|
meeting_server
|
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even t…
|
CWE-200
Information Exposure
|
CVE-2017-12224
|
2024-11-21 12:09 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263880
|
6.4 |
MEDIUM
Physics
|
cisco
|
ir800_integrated_services_router_firmware
|
A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device…
|
CWE-20
Improper Input Validation
|
CVE-2017-12223
|
2024-11-21 12:09 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
