
An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. A specially crafted set of packets can cause a command injection resulting in remote code execution.

CVE-2017-2885

Zabbix - Remote code execution

zabbix2-server zabbix2-proxy 2.0.20 zabbix22-server zabbix22-proxy 2.2.19 zabbix3-server zabbix3-proxy 3.0.10 zabbix32-server zabbix32-proxy 3.2.7

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X.

Regardless of libsoup being used as a server or client. Libsoup is susceptible to a stack based buffer overflow attack when using chunked encoding.

Of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).

CVE-2017-10791 CVE-2017-10792 CVE-2017-12958 CVE-2017-12959 CVE-2017-12960 CVE-2017-12961

drupal - Drupal Core - Multiple Vulnerabilities

drupal8 8.3.7

CVE-2017-6923: Views - Access Bypass - Moderately Critical
CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical
CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical

CVE-2017-6923 CVE-2017-6924 CVE-2017-6925

libsoup - stack based buffer overflow

libsoup 2.52.2_1

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp. There is an Integer overflow in the hash_int function of the libpspp library.

pspp - multiple vulnerabilities

pspp 1.0.0

Vulnerability to execute arbitrary shell commands on the remote

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call.

SquirrelMail - post-authentication remote code execution

squirrelmail 20170705

The same vulnerability affects atril, the Evince fork. The comic book backend in evince 3.24.0 (and earlier) is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened.
