|
259151
|
9.8 |
CRITICAL
Network
|
glpi-project
|
glpi
|
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
|
CWE-89
SQL Injection
|
CVE-2017-11474
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259152
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-11473
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259153
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain s…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2017-11472
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259154
|
9.8 |
CRITICAL
Network
|
idera
|
uptime_infrastructure_monitor
|
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11471
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259155
|
9.8 |
CRITICAL
Network
|
idera
|
uptime_infrastructure_monitor
|
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11470
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259156
|
7.5 |
HIGH
Network
|
idera
|
uptime_infrastructure_monitor
|
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
|
CWE-22
Path Traversal
|
CVE-2017-11469
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259157
|
9.8 |
CRITICAL
Network
|
orientdb
|
orientdb
|
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
|
CWE-269
Improper Privilege Management
|
CVE-2017-11467
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259158
|
7.2 |
HIGH
Network
|
dotcms
|
dotcms
|
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-11466
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259159
|
9.8 |
CRITICAL
Network
|
ruby-lang
|
ruby
|
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-11465
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259160
|
7.8 |
HIGH
Local
|
gnome
|
librsvg
|
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
|
CWE-369
Divide By Zero
|
CVE-2017-11464
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
