|
248001
|
7.5 |
HIGH
Network
|
qemu
debian
redhat
|
qemu
debian_linux
openstack
|
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-8309
|
2024-11-21 12:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248002
|
7.8 |
HIGH
Local
|
schneider-electric
|
wonderware_indusoft_web_studio
|
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-7968
|
2024-11-21 12:33 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248003
|
4.0 |
MEDIUM
Network
|
phoenix_contact_gmbh
|
mguard_firmware
|
An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS s…
|
CWE-287
Improper Authentication
|
CVE-2017-7937
|
2024-11-21 12:33 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248004
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-8338
|
2024-11-21 12:33 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248005
|
4.5 |
MEDIUM
Network
|
admidio
|
admidio
|
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
|
CWE-352
Origin Validation Error
|
CVE-2017-8382
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248006
|
5.4 |
MEDIUM
Network
|
infor
|
enterprise_asset_management
|
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7953
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248007
|
8.8 |
HIGH
Network
|
infor
|
enterprise_asset_management
|
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
|
CWE-89
SQL Injection
|
CVE-2017-7952
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248008
|
7.8 |
HIGH
Local
|
google
|
android
|
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized a…
|
CWE-416
Use After Free
|
CVE-2017-8246
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248009
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bou…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8245
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248010
|
7.0 |
HIGH
Local
|
google
|
android
|
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at …
|
CWE-362
Race Condition
|
CVE-2017-8244
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
