| 249451 | 8.8 | HIGH Network | ntp hpe apple siemens | ntp hpux-ntp mac_os_x simatic_net_cp_443-1_opc_ua_firmware | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | CWE-119 Buffer Errors | CVE-2017-6458 | 2024-11-21 12:29 | 2017-03-28 |
| 249452 | 7.0 | HIGH Local | ntp | ntp | NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | CWE-94 Code Injection | CVE-2017-6455 | 2024-11-21 12:29 | 2017-03-28 |
| 249453 | 7.8 | HIGH Local | ntp | ntp | Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | CWE-119 Buffer Errors | CVE-2017-6452 | 2024-11-21 12:29 | 2017-03-28 |
| 249454 | 7.8 | HIGH Local | ntp | ntp | The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to e… | CWE-787 Out-of-bounds Write | CVE-2017-6451 | 2024-11-21 12:29 | 2017-03-28 |
| 249455 | 8.8 | HIGH Network | intelliants | subrion_cms | Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | CWE-352 Same-Origin Policy Violation | CVE-2017-6069 | 2024-11-21 12:29 | 2017-03-27 |
| 249456 | 8.8 | HIGH Network | intelliants | subrion_cms | Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | CWE-352 Same-Origin Policy Violation | CVE-2017-6068 | 2024-11-21 12:29 | 2017-03-27 |
| 249457 | 6.1 | MEDIUM Network | getsymphony | symphony | Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | CWE-79 Cross-site Scripting (XSS) | CVE-2017-6067 | 2024-11-21 12:29 | 2017-03-27 |
| 249458 | 8.8 | HIGH Network | intelliants | subrion_cms | Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | CWE-352 Same-Origin Policy Violation | CVE-2017-6066 | 2024-11-21 12:29 | 2017-03-27 |
| 249459 | 8.8 | HIGH Network | eonweb_project | eonweb | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3… | CWE-78 OS Command Injection | CVE-2017-6087 | 2024-11-21 12:29 | 2017-03-24 |
| 249460 | 8.8 | HIGH Network | firebirdsql | firebird | Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | CWE-862 Missing Authentication | CVE-2017-6369 | 2024-11-21 12:29 | 2017-03-24 |
| 249461 | 5.9 | MEDIUM Network | apparmor canonical | apparmor ubuntu_touch ubuntu_core | An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have … | CWE-269 Improper Privilege Management | CVE-2017-6507 | 2024-11-21 12:29 | 2017-03-24 |
| 249462 | 9.8 | CRITICAL Network | microsoft | skype | Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dl… | CWE-427 Uncontrolled Search Path Element | CVE-2017-6517 | 2024-11-21 12:29 | 2017-03-24 |
| 249463 | 9.8 | CRITICAL Network | qnap | qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | CWE-78 OS Command Injection | CVE-2017-6361 | 2024-11-21 12:29 | 2017-03-24 |
| 249464 | 9.8 | CRITICAL Network | qnap | qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | CWE-78 OS Command Injection | CVE-2017-6360 | 2024-11-21 12:29 | 2017-03-24 |
| 249465 | 9.8 | CRITICAL Network | qnap | qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | CWE-78 OS Command Injection | CVE-2017-6359 | 2024-11-21 12:29 | 2017-03-24 |
| 249466 | 7.8 | HIGH Local | apng_disassembler_project | apng_disassembler | Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. | CWE-119 Buffer Errors | CVE-2017-6191 | 2024-11-21 12:29 | 2017-03-24 |
| 249467 | 6.7 | MEDIUM Local | avira | internet_security_suite free_security_suite total_security_suite optimization_suite | Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and ear… | CWE-427 Uncontrolled Search Path Element | CVE-2017-6417 | 2024-11-21 12:29 | 2017-03-22 |
| 249468 | 6.7 | MEDIUM Local | bitdefender | internet_security total_security antivirus_plus | Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-pro… | CWE-94 Code Injection | CVE-2017-6186 | 2024-11-21 12:29 | 2017-03-22 |
| 249469 | 5.3 | MEDIUM Network | paloaltonetworks | terminal_services_agent | Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via … | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-6356 | 2024-11-21 12:29 | 2017-03-21 |
| 249470 | 7.5 | HIGH Network | opensuse sane-backends_project | leap sane-backends | saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | CWE-200 Information Exposure | CVE-2017-6318 | 2024-11-21 12:29 | 2017-03-21 |
| 249471 | 7.8 | HIGH Local | usbpcap_project | usbpcap | The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. | CWE-476 NULL Pointer Dereference | CVE-2017-6178 | 2024-11-21 12:29 | 2017-03-21 |
| 249472 | 7.5 | HIGH Network | qemu | qemu | Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of se… | CWE-120 Classic Buffer Overflow | CVE-2017-6058 | 2024-11-21 12:29 | 2017-03-21 |
| 249473 | 5.3 | MEDIUM Network | typo3 | typo3 | TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network an… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2017-6370 | 2024-11-21 12:29 | 2017-03-18 |
| 249474 | 7.5 | HIGH Network | efssoft | easy_file_sharing_ftp_server | Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. | CWE-22 Path Traversal | CVE-2017-6510 | 2024-11-21 12:29 | 2017-03-16 |
| 249475 | 8.1 | HIGH Network | drupal | drupal | A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, a… | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2017-6381 | 2024-11-21 12:29 | 2017-03-16 |
| 249476 | 7.5 | HIGH Network | drupal | drupal | Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that use… | CWE-352 Same-Origin Policy Violation | CVE-2017-6379 | 2024-11-21 12:29 | 2017-03-16 |
| 249477 | 7.5 | HIGH Network | drupal | drupal | When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | CWE-863 Incorrect Authentication | CVE-2017-6377 | 2024-11-21 12:29 | 2017-03-16 |
| 249478 | 4.7 | MEDIUM Network | sap | businessobjects_financial_consolidation | Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ… | CWE-79 Cross-site Scripting (XSS) | CVE-2017-6061 | 2024-11-21 12:29 | 2017-03-16 |
| 249479 | 6.1 | MEDIUM Network | epson | tmnet_webconfig | Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | CWE-79 Cross-site Scripting (XSS) | CVE-2017-6443 | 2024-11-21 12:29 | 2017-03-16 |
| 249480 | 5.5 | MEDIUM Local | ettercap-project | ettercap | The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. | CWE-125 Out-of-bounds Read | CVE-2017-6430 | 2024-11-21 12:29 | 2017-03-16 |
| 249481 | 7.8 | HIGH Local | broadcom | tcpreplay | Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. | CWE-119 Buffer Errors | CVE-2017-6429 | 2024-11-21 12:29 | 2017-03-16 |
| 249482 | 7.3 | HIGH Local | amazon | kindle_for_pc | Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di… | CWE-426 Untrusted Search Path | CVE-2017-6189 | 2024-11-21 12:29 | 2017-03-16 |
| 249483 | 6.5 | MEDIUM Local | qemu | qemu | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the num… | CWE-835 Infinite Loop | CVE-2017-6505 | 2024-11-21 12:29 | 2017-03-15 |
| 249484 | 5.0 | MEDIUM Local | libplist_project | libplist | The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | CWE-20 CWE-787 CWE-190 Improper Input Validation, Out-of-bounds Write, Integer Overflow or Wraparound | CVE-2017-6440 | 2024-11-21 12:29 | 2017-03-15 |
| 249485 | 5.0 | MEDIUM Local | libplist_project | libplist | Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist fi… | CWE-787 Out-of-bounds Write | CVE-2017-6439 | 2024-11-21 12:29 | 2017-03-15 |
| 249486 | 7.3 | HIGH Local | libplist_project | libplist | Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code exe… | CWE-787 Out-of-bounds Write | CVE-2017-6438 | 2024-11-21 12:29 | 2017-03-15 |
| 249487 | 5.0 | MEDIUM Local | libplist_project | libplist | The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. | CWE-125 Out-of-bounds Read | CVE-2017-6437 | 2024-11-21 12:29 | 2017-03-15 |
| 249488 | 5.0 | MEDIUM Local | libplist_project | libplist | The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | CWE-119 CWE-20 Buffer Errors, Improper Input Validation | CVE-2017-6436 | 2024-11-21 12:29 | 2017-03-15 |
| 249489 | 5.0 | MEDIUM Local | libplist_project | libplist | The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. | CWE-119 Buffer Errors | CVE-2017-6435 | 2024-11-21 12:29 | 2017-03-15 |
| 249490 | 6.5 | MEDIUM Local | libcacard_project | libcacard | Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocatin… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-6414 | 2024-11-21 12:29 | 2017-03-15 |
| 249491 | 6.5 | MEDIUM Local | virglrenderer_project | virglrenderer | Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large numb… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-6386 | 2024-11-21 12:29 | 2017-03-15 |
| 249492 | 8.8 | HIGH Network | netgear | dgn2200_firmware | Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that pe… | CWE-352 Same-Origin Policy Violation | CVE-2017-6366 | 2024-11-21 12:29 | 2017-03-15 |
| 249493 | 6.5 | MEDIUM Local | virglrenderer_project | virglrenderer | Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involvi… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-6317 | 2024-11-21 12:29 | 2017-03-15 |
| 249494 | 6.5 | MEDIUM Local | virglrenderer_project | virglrenderer | The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroyin… | CWE-476 NULL Pointer Dereference | CVE-2017-6210 | 2024-11-21 12:29 | 2017-03-15 |
| 249495 | 6.5 | MEDIUM Local | virglrenderer_project | virglrenderer | Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a den… | CWE-119 Buffer Errors | CVE-2017-6209 | 2024-11-21 12:29 | 2017-03-15 |
| 249496 | 7.8 | HIGH Local | artifex debian | mupdf debian_linux | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | CWE-787 Out-of-bounds Write | CVE-2017-6060 | 2024-11-21 12:29 | 2017-03-15 |
| 249497 | 6.7 | MEDIUM Local | magnicomp | sysinfo | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-… | CWE-20 Improper Input Validation | CVE-2017-6516 | 2024-11-21 12:29 | 2017-03-15 |
| 249498 | 5.5 | MEDIUM Local | graphicsmagick | graphicsmagick | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samp… | CWE-125 Out-of-bounds Read | CVE-2017-6335 | 2024-11-21 12:29 | 2017-03-14 |
| 249499 | 8.8 | HIGH Network | trendmicro | interscan_messaging_security_virtual_appliance | An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … | CWE-78 NVD-CWE-noinfo OS Command Injection | CVE-2017-6398 | 2024-11-21 12:29 | 2017-03-14 |
| 249500 | 7.5 | HIGH Network | cerberusftp | ftp_server | In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header. | CWE-20 Improper Input Validation | CVE-2017-6367 | 2024-11-21 12:29 | 2017-03-14 |