|
253401
|
6.5 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-6338
|
2024-11-21 12:29 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253402
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have u…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6448
|
2024-11-21 12:29 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253403
|
7.5 |
HIGH
Network
|
php
|
php
|
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-6441
|
2024-11-21 12:29 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253404
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified othe…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6194
|
2024-11-21 12:29 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253405
|
7.5 |
HIGH
Network
|
ruby-lang
|
ruby
|
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion a…
|
CWE-20
Improper Input Validation
|
CVE-2017-6181
|
2024-11-21 12:29 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253406
|
8.1 |
HIGH
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
|
CWE-384
Session Fixation
|
CVE-2017-6412
|
2024-11-21 12:29 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253407
|
4.7 |
MEDIUM
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
|
CWE-77
Command Injection
|
CVE-2017-6184
|
2024-11-21 12:29 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253408
|
7.2 |
HIGH
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NS…
|
CWE-77
Command Injection
|
CVE-2017-6183
|
2024-11-21 12:29 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253409
|
9.8 |
CRITICAL
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
|
CWE-78
OS Command
|
CVE-2017-6182
|
2024-11-21 12:29 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253410
|
9.8 |
CRITICAL
Network
|
putty
opensuse_project
opensuse
|
putty
leap
|
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6542
|
2024-11-21 12:29 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
