|
247371
|
7.5 |
HIGH
Network
|
kaspersky
|
anti-virus_for_linux_server
|
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.31…
|
CWE-200
Information Exposure
|
CVE-2017-9812
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247372
|
9.8 |
CRITICAL
Network
|
kaspersky
|
anti-virus_for_linux_server
|
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine rea…
|
CWE-20
Improper Input Validation
|
CVE-2017-9811
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247373
|
8.8 |
HIGH
Network
|
kaspersky
|
anti-virus_for_linux_server
|
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacke…
|
CWE-352
Origin Validation Error
|
CVE-2017-9810
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247374
|
7.8 |
HIGH
Local
|
alpinelinux
|
alpine_linux
|
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax h…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9671
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247375
|
7.8 |
HIGH
Local
|
alpinelinux
|
alpine_linux
|
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9669
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247376
|
5.4 |
MEDIUM
Network
|
blackcat-cms
|
blackcat_cms
|
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9609
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247377
|
7.3 |
HIGH
Network
|
fujielectric
|
v-server
|
An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9639
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247378
|
7.5 |
HIGH
Network
|
cairographics
opensuse
|
cairo
leap
|
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9814
|
2024-11-21 12:36 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247379
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
|
CWE-416
Use After Free
|
CVE-2017-9789
|
2024-11-21 12:36 |
2017-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247380
|
7.5 |
HIGH
Network
|
apache
|
struts
|
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
|
NVD-CWE-noinfo
|
CVE-2017-9787
|
2024-11-21 12:36 |
2017-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
