|
247611
|
6.5 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.
|
CWE-200
Information Exposure
|
CVE-2017-7216
|
2024-11-21 12:31 |
2017-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247612
|
7.5 |
HIGH
Network
|
rxvt_project
debian
|
rxvt
debian_linux
|
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7483
|
2024-11-21 12:31 |
2017-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247613
|
6.5 |
MEDIUM
Network
|
gfi
|
kerio_connect
kerio_connect_client
|
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjackin…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2017-7440
|
2024-11-21 12:31 |
2017-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247614
|
7.5 |
HIGH
Network
|
atlassian
|
confluence_server
|
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
|
CWE-200
Information Exposure
|
CVE-2017-7415
|
2024-11-21 12:31 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247615
|
7.8 |
HIGH
Local
|
dolby
|
dolby_audio_x2
dolby_audio_x3
|
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCO…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-7293
|
2024-11-21 12:31 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247616
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7477
|
2024-11-21 12:31 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247617
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by levera…
|
CWE-89
SQL Injection
|
CVE-2017-7221
|
2024-11-21 12:31 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247618
|
6.1 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7409
|
2024-11-21 12:31 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247619
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "…
|
CWE-20
Improper Input Validation
|
CVE-2017-7220
|
2024-11-21 12:31 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247620
|
8.8 |
HIGH
Network
|
unitrends
|
enterprise_backup
|
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the…
|
CWE-20
Improper Input Validation
|
CVE-2017-7283
|
2024-11-21 12:31 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
