|
258591
|
5.3 |
MEDIUM
Network
|
cisco
|
wide_area_application_services
|
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related proces…
|
CWE-20
Improper Input Validation
|
CVE-2017-12250
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258592
|
6.1 |
MEDIUM
Network
|
cisco
|
unified_intelligence_center
|
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12248
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258593
|
7.5 |
HIGH
Network
|
cisco
|
spa_301_firmware
spa_303_firmware
spa_500ds_firmware
spa_500s_firmware
spa_501g_firmware
spa_502g_firmware
spa_504g_firmware
spa_508g_firmware
spa_509g_firmware
spa_512g_fi…
|
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload …
|
NVD-CWE-noinfo
|
CVE-2017-12219
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258594
|
7.1 |
HIGH
Local
|
cisco
|
asyncos
|
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to …
|
CWE-20
Improper Input Validation
|
CVE-2017-12215
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258595
|
8.8 |
HIGH
Network
|
cisco
|
unified_customer_voice_portal
|
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remo…
|
CWE-20
Improper Input Validation
|
CVE-2017-12214
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258596
|
9.8 |
CRITICAL
Network
|
apache
|
struts
|
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
|
CWE-20
Improper Input Validation
|
CVE-2017-12611
|
2024-11-21 12:09 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258597
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext usin…
|
CWE-200
Information Exposure
|
CVE-2017-12616
|
2024-11-21 12:09 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258598
|
9.1 |
CRITICAL
Network
|
cisco
|
meeting_server
|
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-12249
|
2024-11-21 12:09 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258599
|
7.8 |
HIGH
Local
|
apache
|
spark
|
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentiall…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-12612
|
2024-11-21 12:09 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258600
|
5.4 |
MEDIUM
Network
|
cisco
|
emergency_responder
|
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failur…
|
CWE-89
SQL Injection
|
CVE-2017-12227
|
2024-11-21 12:09 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
