| 251331 | 5.3 | MEDIUM | Network | paloaltonetworks | pan-os | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before … | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2017-15943 | 2024-11-21 12:15 | 2017-12-12 |
| 251332 | 7.5 | HIGH | Network | paloaltonetworks | pan-os | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management in… | NVD-CWE-noinfo | CVE-2017-15942 | 2024-11-21 12:15 | 2017-12-12 |
| 251333 | 9.8 | CRITICAL | Network | paloaltonetworks | pan-os | The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to… | CWE-77 Command Injection | CVE-2017-15940 | 2024-11-21 12:15 | 2017-12-12 |
| 251334 | 6.7 | MEDIUM | Local | paloaltonetworks | globalprotect | Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | NVD-CWE-noinfo | CVE-2017-15870 | 2024-11-21 12:15 | 2017-12-12 |
| 251335 | 9.8 | CRITICAL | Network | apache oracle | synapse peoplesoft_enterprise_peopletools financial_services_market_risk_measurement_and_management | In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows r… | CWE-74 Injection | CVE-2017-15708 | 2024-11-21 12:15 | 2017-12-12 |
| 251336 | 6.5 | MEDIUM | Network | synology | router_manager | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_p… | CWE-22 Path Traversal | CVE-2017-15895 | 2024-11-21 12:15 | 2017-12-9 |
| 251337 | 6.5 | MEDIUM | Network | synology | diskstation_manager | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbi… | CWE-22 Path Traversal | CVE-2017-15894 | 2024-11-21 12:15 | 2017-12-9 |
| 251338 | 6.5 | MEDIUM | Network | synology | file_station | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parame… | CWE-22 Path Traversal | CVE-2017-15893 | 2024-11-21 12:15 | 2017-12-9 |
| 251339 | 6.5 | MEDIUM | Network | synology | calendar | Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | NVD-CWE-noinfo | CVE-2017-15891 | 2024-11-21 12:15 | 2017-12-9 |
| 251340 | 7.8 | HIGH | Local | linux canonical debian | linux_kernel ubuntu_linux debian_linux | The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a craf… | CWE-20 Improper Input Validation | CVE-2017-15868 | 2024-11-21 12:15 | 2017-12-6 |