|
248301
|
9.8 |
CRITICAL
Network
|
qnap
|
nas_proxy_server
|
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
|
CWE-78
OS Command
|
CVE-2017-7637
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248302
|
6.1 |
MEDIUM
Network
|
qnap
|
nas_proxy_server
|
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7636
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248303
|
8.8 |
HIGH
Network
|
qnap
|
nas_proxy_server
|
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
|
CWE-352
Origin Validation Error
|
CVE-2017-7635
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248304
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of serv…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7654
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248305
|
5.3 |
MEDIUM
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect the…
|
CWE-20
Improper Input Validation
|
CVE-2017-7653
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248306
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lo…
|
NVD-CWE-noinfo
|
CVE-2017-7652
|
2024-11-21 12:32 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248307
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-7651
|
2024-11-21 12:32 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248308
|
9.8 |
CRITICAL
Network
|
saltstack
|
salt
|
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
|
NVD-CWE-noinfo
|
CVE-2017-7893
|
2024-11-21 12:32 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248309
|
5.4 |
MEDIUM
Network
|
redhat
|
openshift
|
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creat…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7534
|
2024-11-21 12:32 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248310
|
6.1 |
MEDIUM
Network
|
qnap
|
qts
|
Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7632
|
2024-11-21 12:32 |
2018-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
