|
251521
|
5.3 |
MEDIUM
Network
|
redhat
|
cloudforms_management_engine
|
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potenti…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-15123
|
2024-11-21 12:14 |
2019-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251522
|
5.5 |
MEDIUM
Local
|
artifex
|
ghostscript
|
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected…
|
CWE-200
Information Exposure
|
CVE-2017-15652
|
2024-11-21 12:14 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251523
|
4.8 |
MEDIUM
Network
|
netapp
|
snapcenter_server
|
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15515
|
2024-11-21 12:14 |
2019-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251524
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute ar…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-15428
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251525
|
7.0 |
HIGH
Local
|
google
|
chrome
|
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptoh…
|
CWE-362
Race Condition
|
CVE-2017-15405
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251526
|
7.8 |
HIGH
Local
|
google
|
chrome
|
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2017-15404
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251527
|
7.3 |
HIGH
Local
|
google
|
chrome
|
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute…
|
CWE-77
Command Injection
|
CVE-2017-15403
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251528
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prio…
|
CWE-20
Improper Input Validation
|
CVE-2017-15402
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251529
|
8.8 |
HIGH
Network
|
google
|
chrome
|
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code …
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-15401
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251530
|
6.5 |
MEDIUM
Network
|
inedo
|
proget
|
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
|
CWE-352
Origin Validation Error
|
CVE-2017-15608
|
2024-11-21 12:14 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
