|
249971
|
3.3 |
LOW
Local
|
linuxcontainers
|
lxc
|
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ow…
|
CWE-862
Missing Authorization
|
CVE-2017-5985
|
2024-11-21 12:28 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249972
|
5.5 |
MEDIUM
Local
|
virglrenderer_project
|
virglrenderer
|
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), al…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-5957
|
2024-11-21 12:28 |
2017-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249973
|
9.8 |
CRITICAL
Network
|
bitlbee
|
bitlbee-libpurple
bitlbee
|
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-5668
|
2024-11-21 12:28 |
2017-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249974
|
9.8 |
CRITICAL
Network
|
qos
redhat
|
logback
satellite
satellite_capsule
|
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5929
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249975
|
8.8 |
HIGH
Network
|
embedthis
|
goahead
|
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the ma…
|
CWE-77
Command Injection
|
CVE-2017-5675
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249976
|
9.8 |
CRITICAL
Network
|
embedthis
|
goahead
|
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - …
|
CWE-200
Information Exposure
|
CVE-2017-5674
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249977
|
6.1 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using ei…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5621
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249978
|
6.1 |
MEDIUM
Network
|
zammad
|
zammad
|
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of exe…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5620
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249979
|
9.8 |
CRITICAL
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password strin…
|
CWE-287
Improper Authentication
|
CVE-2017-5619
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249980
|
9.8 |
CRITICAL
Network
|
oneplus
|
oxygenos
|
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking…
|
NVD-CWE-noinfo
|
CVE-2017-5626
|
2024-11-21 12:28 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
