| 250721 | 8.8 | HIGH | Network | dolibarr | dolibarr_erp/crm | Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka … | CWE-89 SQL Injection | CVE-2017-18260 | 2024-11-21 12:19 | 2018-04-11 |
| 250722 | 5.4 | MEDIUM | Network | dolibarr | dolibarr_erp/crm | Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | CWE-79 Cross-site Scripting | CVE-2017-18259 | 2024-11-21 12:19 | 2018-04-11 |
| 250723 | 6.5 | MEDIUM | Network | atlassian | jira jira_server | Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version… | CWE-862 Missing Authorization | CVE-2017-18101 | 2024-11-21 12:19 | 2018-04-10 |
| 250724 | 6.1 | MEDIUM | Network | atlassian | jira | The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick fi… | CWE-79 Cross-site Scripting | CVE-2017-18100 | 2024-11-21 12:19 | 2018-04-10 |
| 250725 | 6.5 | MEDIUM | Network | xmlsoft | libxml2 | The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not r… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2017-18258 | 2024-11-21 12:19 | 2018-04-9 |
| 250726 | 6.1 | MEDIUM | Network | atlassian | jira | The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fie… | CWE-79 Cross-site Scripting | CVE-2017-18098 | 2024-11-21 12:19 | 2018-04-6 |
| 250727 | 5.4 | MEDIUM | Network | atlassian | jira | The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaSc… | CWE-79 Cross-site Scripting | CVE-2017-18097 | 2024-11-21 12:19 | 2018-04-6 |
| 250728 | 5.5 | MEDIUM | Local | linux debian | linux_kernel debian_linux | The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate s… | CWE-190 Integer Overflow or Wraparound | CVE-2017-18257 | 2024-11-21 12:19 | 2018-04-5 |
| 250729 | 7.2 | HIGH | Network | atlassian | application_links | The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access th… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2017-18096 | 2024-11-21 12:19 | 2018-04-4 |
| 250730 | 6.5 | MEDIUM | Network | brave | brave_browser | Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled. | NVD-CWE-noinfo | CVE-2017-18256 | 2024-11-21 12:19 | 2018-04-4 |