|
248331
|
8.8 |
HIGH
Network
|
d-link
|
dir-615_firmware
|
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i…
|
CWE-352
Origin Validation Error
|
CVE-2017-7398
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248332
|
8.2 |
HIGH
Local
|
xen
|
xen
|
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-7228
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248333
|
7.8 |
HIGH
Local
|
nixos
|
nixos
|
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
|
NVD-CWE-noinfo
|
CVE-2017-7412
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248334
|
9.8 |
CRITICAL
Network
|
websitebaker
|
websitebaker
|
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, …
|
CWE-89
SQL Injection
|
CVE-2017-7410
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248335
|
2.4 |
LOW
Physics
|
haxx
|
curl
|
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a w…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7407
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248336
|
7.5 |
HIGH
Network
|
backbox
|
backbox_linux
|
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-7397
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248337
|
9.8 |
CRITICAL
Network
|
lucidcrew
|
pixie
|
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, …
|
CWE-94
Code Injection
|
CVE-2017-7402
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248338
|
7.5 |
HIGH
Network
|
collectd
|
collectd
|
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-7401
|
2024-11-21 12:31 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248339
|
4.8 |
MEDIUM
Network
|
openstack
|
horizon
|
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7400
|
2024-11-21 12:31 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248340
|
5.5 |
MEDIUM
Local
|
podofo_project
|
podofo
|
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7383
|
2024-11-21 12:31 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
