|
251581
|
9.8 |
CRITICAL
Network
|
sangoma
|
netborder\/vega_session_firmware
|
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
|
CWE-287
Improper Authentication
|
CVE-2017-17430
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251582
|
8.8 |
HIGH
Network
|
ispconfig
|
ispconfig
|
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.
|
CWE-269
Improper Privilege Management
|
CVE-2017-17384
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251583
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
|
CWE-369
Divide By Zero
|
CVE-2017-17381
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251584
|
9.0 |
CRITICAL
Network
|
articatech
|
artica_proxy
|
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
|
CWE-78
OS Command
|
CVE-2017-17055
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251585
|
6.1 |
MEDIUM
Network
|
mistserver
|
mistserver
|
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16884
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251586
|
6.1 |
MEDIUM
Network
|
wpmailster
|
wp_mailster
|
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17451
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251587
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended ac…
|
CWE-862
Missing Authorization
|
CVE-2017-17450
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251588
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net…
|
CWE-200
Information Exposure
|
CVE-2017-17449
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251589
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended acces…
|
CWE-862
Missing Authorization
|
CVE-2017-17448
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251590
|
6.5 |
MEDIUM
Network
|
game-music-emu_project
|
game-music-emu
|
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a deni…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2017-17446
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
