|
247991
|
9.8 |
CRITICAL
Network
|
haxx
debian
|
libcurl
curl
debian_linux
|
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application cr…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-8816
|
2024-11-21 12:34 |
2017-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247992
|
9.8 |
CRITICAL
Network
|
cohuhd
|
3960hd_firmware
|
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as dem…
|
CWE-693
Protection Mechanism Failure
|
CVE-2017-8864
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247993
|
7.5 |
HIGH
Network
|
cohuhd
|
3960hd_firmware
|
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.
|
CWE-200
Information Exposure
|
CVE-2017-8863
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247994
|
9.8 |
CRITICAL
Network
|
cohuhd
|
3960hd_firmware
|
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "ro…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-8862
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247995
|
9.8 |
CRITICAL
Network
|
cohuhd
|
3960hd_firmware
|
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially craft…
|
CWE-287
Improper Authentication
|
CVE-2017-8861
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247996
|
6.5 |
MEDIUM
Network
|
cohuhd
|
3960hd_firmware
|
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web …
|
CWE-200
Information Exposure
|
CVE-2017-8860
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247997
|
9.1 |
CRITICAL
Network
|
varnish-cache
varnish_cache_project
debian
|
varnish
varnish_cache
debian_linux
|
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a V…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8807
|
2024-11-21 12:34 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247998
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
CWE-20
Improper Input Validation
|
CVE-2017-8815
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247999
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
CWE-20
Improper Input Validation
|
CVE-2017-8814
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248000
|
5.3 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
NVD-CWE-noinfo
|
CVE-2017-8812
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
