|
248341
|
8.8 |
HIGH
Local
|
xen
|
xen
|
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
|
CWE-682
Incorrect Calculation
|
CVE-2017-8905
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248342
|
8.8 |
HIGH
Local
|
xen
|
xen
|
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the…
|
NVD-CWE-noinfo
|
CVE-2017-8904
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248343
|
8.8 |
HIGH
Local
|
xen
|
xen
|
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
|
NVD-CWE-noinfo
|
CVE-2017-8903
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248344
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-8851
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248345
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers c…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-8850
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248346
|
9.8 |
CRITICAL
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack use…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8898
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248347
|
6.1 |
MEDIUM
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8897
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248348
|
8.1 |
HIGH
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered b…
|
CWE-79
CWE-200
Cross-site Scripting
Information Exposure
|
CVE-2017-8899
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248349
|
9.8 |
CRITICAL
Network
|
miniupnp_project
|
miniupnpd
|
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8798
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248350
|
9.8 |
CRITICAL
Network
|
veritas
|
backup_exec
|
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser…
|
CWE-416
Use After Free
|
CVE-2017-8895
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
