|
252921
|
8.8 |
HIGH
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
|
NVD-CWE-noinfo
|
CVE-2017-15590
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252922
|
6.5 |
MEDIUM
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a…
|
CWE-200
Information Exposure
|
CVE-2017-15589
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252923
|
7.8 |
HIGH
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
|
CWE-362
Race Condition
|
CVE-2017-15588
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252924
|
7.8 |
HIGH
Local
|
artifex
|
mupdf
|
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-15587
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252925
|
6.5 |
MEDIUM
Network
|
hitachienergy
|
fox515t_firmware
|
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not valida…
|
CWE-200
Information Exposure
|
CVE-2017-15583
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252926
|
9.8 |
CRITICAL
Network
|
phpsugar
|
php_melody
|
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
|
CWE-89
SQL Injection
|
CVE-2017-15579
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252927
|
8.8 |
HIGH
Network
|
phpsugar
|
php_melody
|
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
|
CWE-89
SQL Injection
|
CVE-2017-15578
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252928
|
7.5 |
HIGH
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2017-15577
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252929
|
7.5 |
HIGH
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2017-15576
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252930
|
7.3 |
HIGH
Network
|
redmine
debian
|
redmine
debian_linux
|
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive d…
|
NVD-CWE-noinfo
|
CVE-2017-15575
|
2024-11-21 12:14 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
