|
253211
|
9.1 |
CRITICAL
Network
|
nodejs
|
node.js
|
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application dat…
|
NVD-CWE-noinfo
|
CVE-2017-15896
|
2024-11-21 12:15 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253212
|
5.3 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-15943
|
2024-11-21 12:15 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253213
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management in…
|
NVD-CWE-noinfo
|
CVE-2017-15942
|
2024-11-21 12:15 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253214
|
9.8 |
CRITICAL
Network
|
paloaltonetworks
|
pan-os
|
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to…
|
CWE-77
Command Injection
|
CVE-2017-15940
|
2024-11-21 12:15 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253215
|
6.7 |
MEDIUM
Local
|
paloaltonetworks
|
globalprotect
|
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
|
NVD-CWE-noinfo
|
CVE-2017-15870
|
2024-11-21 12:15 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253216
|
9.8 |
CRITICAL
Network
|
apache
oracle
|
synapse
peoplesoft_enterprise_peopletools
financial_services_market_risk_measurement_and_management
|
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows r…
|
CWE-74
Injection
|
CVE-2017-15708
|
2024-11-21 12:15 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253217
|
6.5 |
MEDIUM
Network
|
synology
|
router_manager
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_p…
|
CWE-22
Path Traversal
|
CVE-2017-15895
|
2024-11-21 12:15 |
2017-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253218
|
6.5 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbi…
|
CWE-22
Path Traversal
|
CVE-2017-15894
|
2024-11-21 12:15 |
2017-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253219
|
6.5 |
MEDIUM
Network
|
synology
|
file_station
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parame…
|
CWE-22
Path Traversal
|
CVE-2017-15893
|
2024-11-21 12:15 |
2017-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253220
|
6.5 |
MEDIUM
Network
|
synology
|
calendar
|
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-15891
|
2024-11-21 12:15 |
2017-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
