| 250451 | 8.8 | HIGH | Network | fossil_scm | fossil | http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hos… | NVD-CWE-noinfo | CVE-2017-17459 | 2024-11-21 12:17 | 2017-12-8 |
| 250452 | 9.8 | CRITICAL | Network | mercurial debian | mercurial debian_linux | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the rep… | CWE-78 OS Command | CVE-2017-17458 | 2024-11-21 12:17 | 2017-12-8 |
| 250453 | 9.8 | CRITICAL | Network | sangoma | netborder/vega_session_firmware | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | CWE-287 Improper Authentication | CVE-2017-17430 | 2024-11-21 12:17 | 2017-12-7 |
| 250454 | 8.8 | HIGH | Network | ispconfig | ispconfig | ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | CWE-269 Improper Privilege Management | CVE-2017-17384 | 2024-11-21 12:17 | 2017-12-7 |
| 250455 | 6.5 | MEDIUM | Local | qemu debian | qemu debian_linux | The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. | CWE-369 Divide By Zero | CVE-2017-17381 | 2024-11-21 12:17 | 2017-12-7 |
| 250456 | 9.0 | CRITICAL | Network | articatech | artica_proxy | Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.… | CWE-78 OS Command | CVE-2017-17055 | 2024-11-21 12:17 | 2017-12-7 |
| 250457 | 6.1 | MEDIUM | Network | mistserver | mistserver | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | CWE-79 Cross-site Scripting | CVE-2017-16884 | 2024-11-21 12:17 | 2017-12-7 |
| 250458 | 6.1 | MEDIUM | Network | wpmailster | wp_mailster | The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | CWE-79 Cross-site Scripting | CVE-2017-17451 | 2024-11-21 12:17 | 2017-12-7 |
| 250459 | 7.8 | HIGH | Local | linux | linux_kernel | net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended ac… | CWE-862 Missing Authorization | CVE-2017-17450 | 2024-11-21 12:17 | 2017-12-7 |
| 250460 | 4.7 | MEDIUM | Local | linux | linux_kernel | The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net… | CWE-200 Information Exposure | CVE-2017-17449 | 2024-11-21 12:17 | 2017-12-7 |