|
253611
|
4.7 |
MEDIUM
Local
|
dropbear_ssh_project
debian
|
dropbear_ssh
debian_linux
|
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is re…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-9079
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253612
|
8.8 |
HIGH
Network
|
dropbear_ssh_project
debian
netapp
|
dropbear_ssh
debian_linux
h410c_firmware
|
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
|
CWE-415
Double Free
|
CVE-2017-9078
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253613
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified …
|
NVD-CWE-noinfo
|
CVE-2017-9077
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253614
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified…
|
NVD-CWE-noinfo
|
CVE-2017-9076
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253615
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified …
|
NVD-CWE-noinfo
|
CVE-2017-9075
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253616
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9074
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253617
|
6.1 |
MEDIUM
Network
|
calendarxp
|
popcalendarxp
flatcalendarxp
|
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9072
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253618
|
4.7 |
MEDIUM
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9071
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253619
|
5.4 |
MEDIUM
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9070
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253620
|
8.8 |
HIGH
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9069
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
