| 249081 | 9.8 | CRITICAL Network | apache | http_server | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7679 | 2024-11-21 12:32 | 2017-06-20 |
| 249082 | 7.5 | HIGH Network | apache netapp redhat debian oracle apple | http_server storagegrid clustered_data_ontap oncommand_unified_manager enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux_server_t… | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously… | CWE-125 Out-of-bounds Read | CVE-2017-7668 | 2024-11-21 12:32 | 2017-06-20 |
| 249083 | 7.5 | HIGH Network | gnu | gnutls | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server appli… | CWE-476 NULL Pointer Dereference | CVE-2017-7507 | 2024-11-21 12:32 | 2017-06-17 |
| 249084 | 8.4 | HIGH Local | apcupsd | apc_ups_daemon | In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by rep… | CWE-427 Uncontrolled Search Path Element | CVE-2017-7884 | 2024-11-21 12:32 | 2017-06-16 |
| 249085 | 9.8 | CRITICAL Network | qnap | qts | This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 bu… | CWE-77 Command Injection | CVE-2017-7876 | 2024-11-21 12:32 | 2017-06-16 |
| 249086 | 7.5 | HIGH Network | qnap | qts | QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-7629 | 2024-11-21 12:32 | 2017-06-16 |
| 249087 | 8.6 | HIGH Network | rockwellautomation | panelview_plus_6_700-1500_firmware | A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.0… | CWE-862 Missing Authorization | CVE-2017-7914 | 2024-11-21 12:32 | 2017-06-15 |
| 249088 | 7.5 | HIGH Network | digital_canal_structural | wind_analysis | A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7910 | 2024-11-21 12:32 | 2017-06-15 |
| 249089 | 5.9 | MEDIUM Network | apache | ranger | In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | CWE-862 Missing Authorization | CVE-2017-7677 | 2024-11-21 12:32 | 2017-06-15 |
| 249090 | 9.8 | CRITICAL Network | apache | ranger | Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior. | CWE-20 Improper Input Validation | CVE-2017-7676 | 2024-11-21 12:32 | 2017-06-15 |