|
252061
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 makin…
|
CWE-20
Improper Input Validation
|
CVE-2017-14919
|
2024-11-21 12:13 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252062
|
7.5 |
HIGH
Network
|
saltstack
|
salt
|
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
|
CWE-20
Improper Input Validation
|
CVE-2017-14696
|
2024-11-21 12:13 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252063
|
9.8 |
CRITICAL
Network
|
saltstack
|
salt
|
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials …
|
CWE-22
Path Traversal
|
CVE-2017-14695
|
2024-11-21 12:13 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252064
|
4.7 |
MEDIUM
Local
|
pcu
|
pcu
|
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control unit…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-14937
|
2024-11-21 12:13 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252065
|
5.7 |
MEDIUM
Network
|
alienvault
|
unified_security_management
|
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local d…
|
CWE-352
Origin Validation Error
|
CVE-2017-14956
|
2024-11-21 12:13 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252066
|
9.8 |
CRITICAL
Network
|
icu-project
|
international_components_for_unicode
|
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector …
|
CWE-415
Double Free
|
CVE-2017-14952
|
2024-11-21 12:13 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252067
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack…
|
CWE-20
Improper Input Validation
|
CVE-2017-15012
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252068
|
4.3 |
MEDIUM
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardl…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15014
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252069
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15013
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252070
|
6.1 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog par…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14588
|
2024-11-21 12:13 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
