|
247911
|
7.5 |
HIGH
Network
|
vmware
|
vcenter_server
|
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization …
|
CWE-352
CWE-918
Origin Validation Error
Server-Side Request Forgery (SSRF)
|
CVE-2017-4928
|
2024-11-21 12:26 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247912
|
7.5 |
HIGH
Network
|
vmware
|
vcenter_server
|
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
|
CWE-90
LDAP Injection
|
CVE-2017-4927
|
2024-11-21 12:26 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247913
|
7.8 |
HIGH
Local
|
vmware
|
workstation
horizon_view
|
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-4935
|
2024-11-21 12:26 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247914
|
7.8 |
HIGH
Local
|
vmware
|
airwatch_launcher
|
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Su…
|
NVD-CWE-noinfo
|
CVE-2017-4932
|
2024-11-21 12:26 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247915
|
7.8 |
HIGH
Local
|
vmware
|
airwatch
|
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this…
|
CWE-20
Improper Input Validation
|
CVE-2017-4931
|
2024-11-21 12:26 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247916
|
5.4 |
MEDIUM
Network
|
vmware
|
airwatch
|
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of …
|
CWE-79
Cross-site Scripting
|
CVE-2017-4930
|
2024-11-21 12:26 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247917
|
7.5 |
HIGH
Network
|
blackberry
|
qnx_software_development_platform
|
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with b…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-3893
|
2024-11-21 12:26 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247918
|
7.5 |
HIGH
Network
|
blackberry
|
qnx_software_development_platform
|
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating t…
|
CWE-200
Information Exposure
|
CVE-2017-3892
|
2024-11-21 12:26 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247919
|
8.1 |
HIGH
Network
|
blackberry
|
qnx_software_development_platform
|
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more Q…
|
CWE-863
Incorrect Authorization
|
CVE-2017-3891
|
2024-11-21 12:26 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247920
|
7.8 |
HIGH
Local
|
realtek
|
audio_driver_firmware
|
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute co…
|
NVD-CWE-noinfo
|
CVE-2017-3767
|
2024-11-21 12:26 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
