|
253211
|
9.8 |
CRITICAL
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parame…
|
CWE-200
Information Exposure
|
CVE-2017-5158
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253212
|
8.8 |
HIGH
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will…
|
CWE-352
Origin Validation Error
|
CVE-2017-5156
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253213
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5183
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253214
|
3.1 |
LOW
Network
|
netiq
|
access_manager
|
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to …
|
CWE-200
Information Exposure
|
CVE-2017-5190
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253215
|
3.5 |
LOW
Network
|
splunk
|
splunk
|
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a…
|
CWE-200
Information Exposure
|
CVE-2017-5607
|
2024-11-21 12:27 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253216
|
7.5 |
HIGH
Network
|
microfocus
|
sentinel
|
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
|
CWE-20
Improper Input Validation
|
CVE-2017-5185
|
2024-11-21 12:27 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253217
|
5.3 |
MEDIUM
Network
|
microfocus
|
sentinel
|
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).
|
CWE-200
Information Exposure
|
CVE-2017-5184
|
2024-11-21 12:27 |
2017-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253218
|
10.0 |
CRITICAL
Network
|
projectatomic
|
bubblewrap
|
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an a…
|
CWE-20
Improper Input Validation
|
CVE-2017-5226
|
2024-11-21 12:27 |
2017-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253219
|
7.5 |
HIGH
Network
|
eviewgps
|
ev-07s_gps_tracker_firmware
|
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying infor…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-5239
|
2024-11-21 12:27 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253220
|
5.3 |
MEDIUM
Network
|
eviewgps
|
ev-07s_gps_tracker_firmware
|
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5238
|
2024-11-21 12:27 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
