|
247761
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of serv…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7654
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247762
|
5.3 |
MEDIUM
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect the…
|
CWE-20
Improper Input Validation
|
CVE-2017-7653
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247763
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lo…
|
NVD-CWE-noinfo
|
CVE-2017-7652
|
2024-11-21 12:32 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247764
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-7651
|
2024-11-21 12:32 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247765
|
9.8 |
CRITICAL
Network
|
saltstack
|
salt
|
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
|
NVD-CWE-noinfo
|
CVE-2017-7893
|
2024-11-21 12:32 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247766
|
5.4 |
MEDIUM
Network
|
redhat
|
openshift
|
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creat…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7534
|
2024-11-21 12:32 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247767
|
6.1 |
MEDIUM
Network
|
qnap
|
qts
|
Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7632
|
2024-11-21 12:32 |
2018-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247768
|
6.1 |
MEDIUM
Network
|
qnap
|
qts
|
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2017-7631
|
2024-11-21 12:32 |
2018-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247769
|
5.3 |
MEDIUM
Network
|
qnap
|
qts
|
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinf…
|
CWE-200
Information Exposure
|
CVE-2017-7630
|
2024-11-21 12:32 |
2018-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247770
|
8.8 |
HIGH
Network
|
qnap
|
media_streaming_add-on
|
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
|
CWE-352
Origin Validation Error
|
CVE-2017-7641
|
2024-11-21 12:32 |
2018-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
