| 247221 | 6.5 | MEDIUM Network | mantisbt | mantisbt | MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing e… | CWE-352 Origin Validation Error | CVE-2017-7620 | 2024-11-21 12:32 | 2017-05-21 |
| 247222 | 9.8 | CRITICAL Network | redhat | jboss_enterprise_application_platform | HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo… | CWE-502 Deserialization of Untrusted Data | CVE-2017-7504 | 2024-11-21 12:32 | 2017-05-20 |
| 247223 | 7.5 | HIGH Network | phoenix_contact_gmbh | mguard_firmware | A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN req… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-7935 | 2024-11-21 12:32 | 2017-05-19 |
| 247224 | 6.6 | MEDIUM Local | schneider-electric | wonderware_historian_client | An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XM… | CWE-611 XXE | CVE-2017-7907 | 2024-11-21 12:32 | 2017-05-19 |
| 247225 | 9.8 | CRITICAL Network | redhat | jboss_enterprise_application_platform | It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil… | CWE-611 XXE | CVE-2017-7503 | 2024-11-21 12:32 | 2017-05-19 |
| 247226 | 7.8 | HIGH Local | qemu debian | qemu debian_linux | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs meta… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-7493 | 2024-11-21 12:32 | 2017-05-18 |
| 247227 | 4.3 | MEDIUM Network | authconfig_project | authconfig | Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. | CWE-200 Information Exposure | CVE-2017-7488 | 2024-11-21 12:32 | 2017-05-17 |
| 247228 | 8.8 | HIGH Network | apache | cxf_fediz | Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross … | CWE-352 Origin Validation Error | CVE-2017-7662 | 2024-11-21 12:32 | 2017-05-17 |
| 247229 | 8.8 | HIGH Network | apache | cxf_fediz | Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, S… | CWE-352 Origin Validation Error | CVE-2017-7661 | 2024-11-21 12:32 | 2017-05-17 |
| 247230 | 5.5 | MEDIUM Local | linux | linux_kernel | fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from ot… | CWE-200 Information Exposure | CVE-2017-7495 | 2024-11-21 12:32 | 2017-05-16 |