|
254921
|
8.8 |
HIGH
Network
|
docuware
|
fulltext_server
|
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access con…
|
NVD-CWE-noinfo
|
CVE-2017-15044
|
2024-11-21 12:13 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254922
|
7.8 |
HIGH
Local
|
ikarussecurity
|
anti.virus
|
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
|
CWE-20
Improper Input Validation
|
CVE-2017-14961
|
2024-11-21 12:13 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254923
|
8.1 |
HIGH
Network
|
kickbase
|
bundesliga_manager
|
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passw…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-14711
|
2024-11-21 12:13 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254924
|
4.8 |
MEDIUM
Network
|
zurmo
|
zurmo_crm
|
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15039
|
2024-11-21 12:13 |
2017-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254925
|
6.5 |
MEDIUM
Network
|
docker
|
docker
|
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause …
|
CWE-20
Improper Input Validation
|
CVE-2017-14992
|
2024-11-21 12:13 |
2017-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254926
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14752
|
2024-11-21 12:13 |
2017-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254927
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 makin…
|
CWE-20
Improper Input Validation
|
CVE-2017-14919
|
2024-11-21 12:13 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254928
|
7.5 |
HIGH
Network
|
saltstack
|
salt
|
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
|
CWE-20
Improper Input Validation
|
CVE-2017-14696
|
2024-11-21 12:13 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254929
|
9.8 |
CRITICAL
Network
|
saltstack
|
salt
|
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials …
|
CWE-22
Path Traversal
|
CVE-2017-14695
|
2024-11-21 12:13 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254930
|
4.7 |
MEDIUM
Local
|
pcu
|
pcu
|
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control unit…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-14937
|
2024-11-21 12:13 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
