|
250611
|
7.8 |
HIGH
Local
|
gnu
|
bash
|
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
|
CWE-20
Improper Input Validation
|
CVE-2017-5932
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250612
|
8.8 |
HIGH
Local
|
qemu
|
qemu
|
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5931
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250613
|
7.0 |
HIGH
Local
|
s-nail_project
|
s-nail
|
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
|
CWE-22
CWE-362
Path Traversal
Race Condition
|
CVE-2017-5899
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250614
|
7.5 |
HIGH
Network
|
openbsd
|
openbsd
|
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-5850
|
2024-11-21 12:28 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250615
|
9.8 |
CRITICAL
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6013
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250616
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6003
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250617
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6002
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250618
|
5.9 |
MEDIUM
Physics
|
oneplus
|
oxygenos
|
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open …
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-5622
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250619
|
8.8 |
HIGH
Network
|
nuxeo
|
nuxeo
|
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in …
|
CWE-22
Path Traversal
|
CVE-2017-5869
|
2024-11-21 12:28 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250620
|
5.5 |
MEDIUM
Local
|
apache
|
poi
|
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
|
CWE-776
XML Entity Expansion
|
CVE-2017-5644
|
2024-11-21 12:28 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
