|
257851
|
9.8 |
CRITICAL
Network
|
apache
|
struts
|
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
|
CWE-20
Improper Input Validation
|
CVE-2017-12611
|
2024-11-21 12:09 |
2017-09-21 |
|
257852
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext usin…
|
CWE-200
Information Exposure
|
CVE-2017-12616
|
2024-11-21 12:09 |
2017-09-19 |
|
257853
|
9.1 |
CRITICAL
Network
|
cisco
|
meeting_server
|
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-12249
|
2024-11-21 12:09 |
2017-09-14 |
|
257854
|
7.8 |
HIGH
Local
|
apache
|
spark
|
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentiall…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-12612
|
2024-11-21 12:09 |
2017-09-14 |
|
257855
|
5.4 |
MEDIUM
Network
|
cisco
|
emergency_responder
|
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failur…
|
CWE-89
SQL Injection
|
CVE-2017-12227
|
2024-11-21 12:09 |
2017-09-08 |
|
257856
|
6.5 |
MEDIUM
Network
|
cisco
|
prime_lan_management_solution
|
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixati…
|
CWE-384
Session Fixation
|
CVE-2017-12225
|
2024-11-21 12:09 |
2017-09-08 |
|
257857
|
6.5 |
MEDIUM
Network
|
cisco
|
meeting_server
|
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even t…
|
CWE-200
Information Exposure
|
CVE-2017-12224
|
2024-11-21 12:09 |
2017-09-08 |
|
257858
|
6.4 |
MEDIUM
Physical
|
cisco
|
ir800_integrated_services_router_firmware
|
A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device…
|
CWE-20
Improper Input Validation
|
CVE-2017-12223
|
2024-11-21 12:09 |
2017-09-08 |
|
257859
|
5.4 |
MEDIUM
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12221
|
2024-11-21 12:09 |
2017-09-08 |
|
257860
|
6.1 |
MEDIUM
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack aga…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12220
|
2024-11-21 12:09 |
2017-09-08 |
|