|
257551
|
9.8 |
CRITICAL
Network
|
apache2triad
|
apache2triad
|
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
|
CWE-384
Session Fixation
|
CVE-2017-12965
|
2024-11-21 12:10 |
2017-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257552
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-12809
|
2024-11-21 12:10 |
2017-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257553
|
8.8 |
HIGH
Network
|
newsbeuter
debian
|
newsbeuter
debian_linux
|
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by cra…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2017-12904
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257554
|
9.8 |
CRITICAL
Network
|
libzip
|
libzip
|
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
|
CWE-415
Double Free
|
CVE-2017-12858
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257555
|
4.8 |
MEDIUM
Network
|
icewarp
|
mail_server
|
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user n…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12844
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257556
|
9.8 |
CRITICAL
Network
|
saltstack
|
salt
|
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master …
|
CWE-22
Path Traversal
|
CVE-2017-12791
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257557
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denia…
|
CWE-617
Reachable Assertion
|
CVE-2017-13132
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257558
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList …
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-13131
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257559
|
7.8 |
HIGH
Local
|
bmc
|
patrol
|
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substr…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-13130
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257560
|
9.8 |
CRITICAL
Network
|
noviflow
|
noviware
|
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12787
|
2024-11-21 12:10 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
