543 matches found
Jackson-databind 远程代码执行漏洞(CVE-2017-17485)
jackson-rce-via-spel An example project that exploits the default typing issue in Jackson-databind https://github.com/FasterXML/jackson-databind via Spring application contexts and expressions Context The Jackson-databind project has a feature called default-typing not enabled by default. When th...
CVE-2017-12339
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
Command injection
A vulnerability in the CLI of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...
CVE-2017-12330
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
CVE-2017-12338
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...
Command injection
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...
CVE-2017-12335
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...
Cisco Nexus Series Switches CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
Cisco NX-OS System Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...
Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...
Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for t...
FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)
MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or...
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...
Double Free
Overview Affected versions of this package are vulnerable to Double Free. Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Remediation There is no fixed version for krb5...
Double free
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...
UBUNTU-CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...