CVE-2017-9788
- EPSS 56.77%
- Veröffentlicht 13.07.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke...
CVE-2017-11103
- EPSS 5.12%
- Veröffentlicht 13.07.2017 13:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name ...
CVE-2017-11173
- EPSS 2.35%
- Veröffentlicht 13.07.2017 03:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain n...
CVE-2017-11176
- EPSS 3.63%
- Veröffentlicht 11.07.2017 23:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possi...
CVE-2017-11139
- EPSS 2.7%
- Veröffentlicht 10.07.2017 03:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
CVE-2017-11107
- EPSS 2.07%
- Veröffentlicht 08.07.2017 12:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
CVE-2017-11104
- EPSS 2.68%
- Veröffentlicht 08.07.2017 10:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of ...
CVE-2016-4000
- EPSS 6.57%
- Veröffentlicht 06.07.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
CVE-2017-9524
- EPSS 4.09%
- Veröffentlicht 06.07.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initi...
CVE-2017-2295
- EPSS 2.38%
- Veröffentlicht 05.07.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code...