CVE-2017-20161

HIGH Year: 2017
CVSS v3 Score
7.8
High
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217188.

Related Vulnerabilities

CVE-2010-4654

HIGH
CVSS:7.8(High)

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

CWE-742010

CVE-2014-7844

HIGH
CVSS:7.8(High)

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

CWE-742014

CVE-2014-7952

HIGH
CVSS:7.8(High)

The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

CWE-742014

CVE-2015-1975

HIGH
CVSS:7.8(High)

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iF...

CWE-742015

CVE-2017-1000052

HIGH
CVSS:7.8(High)

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.

CWE-742017

CVE-2017-1000454

HIGH
CVSS:7.8(High)

CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1

CWE-742017