Lucene search
K

543 matches found

seebug.org
seebug.org
added 2018/01/11 12:0 a.m.433 views

Jackson-databind 远程代码执行漏洞(CVE-2017-17485)

jackson-rce-via-spel An example project that exploits the default typing issue in Jackson-databind https://github.com/FasterXML/jackson-databind via Spring application contexts and expressions Context The Jackson-databind project has a feature called default-typing not enabled by default. When th...

9.7AI score0.49727EPSS
Exploits7
OSV
OSV
added 2017/11/30 9:29 a.m.4 views

CVE-2017-12339

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

5.7CVSS6AI score0.007EPSS
Exploits0References3
Prion
Prion
added 2017/11/30 9:29 a.m.16 views

Command injection

A vulnerability in the CLI of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...

4.6CVSS6.9AI score0.01103EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2017/11/30 9:29 a.m.3 views

CVE-2017-12330

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

6.3CVSS6AI score0.01102EPSS
Exploits0References3
OSV
OSV
added 2017/11/30 9:29 a.m.4 views

CVE-2017-12338

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...

6CVSS5.9AI score0.00377EPSS
Exploits0References2
Prion
Prion
added 2017/11/30 9:29 a.m.18 views

Command injection

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

4.6CVSS7AI score0.00935EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2017/11/30 9:0 a.m.36 views

CVE-2017-12335

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

6.9AI score0.00935EPSS
Exploits0References3
Cisco
Cisco
added 2017/11/29 4:0 p.m.42 views

Cisco Nexus Series Switches CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

6.3CVSS6.9AI score0.01102EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.50 views

Cisco NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

6.3CVSS7AI score0.00935EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.44 views

Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...

6.3CVSS6.9AI score0.01103EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/11/02 12:0 a.m.872 views

Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for t...

8.1CVSS8.1AI score0.99988EPSS
Exploits37References4
Tenable Nessus
Tenable Nessus
added 2017/10/19 12:0 a.m.25 views

FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)

MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or...

9.8CVSS6.4AI score0.05481EPSS
Exploits0References7
NVD
NVD
added 2017/09/13 4:29 p.m.20 views

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

9.8CVSS6.7AI score0.05481EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/09/13 4:29 p.m.25 views

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

9.8CVSS6.8AI score0.05481EPSS
Exploits0References1
Snyk
Snyk
added 2017/09/13 4:29 p.m.3 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free. Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Remediation There is no fixed version for krb5...

9.8CVSS9.4AI score0.05481EPSS
Exploits0References2
Prion
Prion
added 2017/09/13 4:29 p.m.21 views

Double free

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

7.5CVSS9.5AI score0.05481EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2017/09/13 4:29 p.m.6 views

UBUNTU-CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

9.8CVSS6.8AI score0.05481EPSS
Exploits0References2
OSV
OSV
added 2017/09/13 4:29 p.m.22 views

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

9.8CVSS7AI score
Exploits0References4
Cvelist
Cvelist
added 2017/09/13 4:0 p.m.29 views

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

7.1AI score0.05481EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2017/09/13 4:0 p.m.25 views

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 aka krb5 allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error...

9.8CVSS8.3AI score0.05481EPSS
Exploits0
Rows per page
Query Builder