|
246891
|
7.8 |
HIGH
Local
|
alpinelinux
|
alpine_linux
|
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9669
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246892
|
5.4 |
MEDIUM
Network
|
blackcat-cms
|
blackcat_cms
|
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9609
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246893
|
7.3 |
HIGH
Network
|
fujielectric
|
v-server
|
An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9639
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246894
|
7.5 |
HIGH
Network
|
cairographics
opensuse
|
cairo
leap
|
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9814
|
2024-11-21 12:36 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246895
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
|
CWE-416
Use After Free
|
CVE-2017-9789
|
2024-11-21 12:36 |
2017-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246896
|
7.5 |
HIGH
Network
|
apache
|
struts
|
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
|
NVD-CWE-noinfo
|
CVE-2017-9787
|
2024-11-21 12:36 |
2017-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246897
|
9.1 |
CRITICAL
Network
|
apache
debian
apple
netapp
redhat
oracle
|
http_server
debian_linux
mac_os_x
storage_automation_store
oncommand_unified_manager
enterprise_linux_desktop
enterprise_linux_server_aus
enterprise_linux_workstation
enterpri…
|
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
|
CWE-200
CWE-20
Information Exposure
Improper Input Validation
|
CVE-2017-9788
|
2024-11-21 12:36 |
2017-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246898
|
7.5 |
HIGH
Network
|
sap
|
netweaver
|
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-9845
|
2024-11-21 12:36 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246899
|
9.8 |
CRITICAL
Network
|
sap
|
netweaver
|
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-9844
|
2024-11-21 12:36 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246900
|
2.7 |
LOW
Network
|
sap
|
netweaver_abap
|
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.
|
NVD-CWE-noinfo
|
CVE-2017-9843
|
2024-11-21 12:36 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
