|
255511
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
|
CWE-601
Open Redirect
|
CVE-2017-14802
|
2024-11-21 12:13 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255512
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14801
|
2024-11-21 12:13 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255513
|
5.3 |
MEDIUM
Network
|
suse
opensuse
|
linux_enterprise_software_development_kit
leap
|
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroot…
|
CWE-20
Improper Input Validation
|
CVE-2017-14804
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255514
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated us…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14800
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255515
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14799
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255516
|
7.0 |
HIGH
Local
|
postgresql
suse
|
postgresql
suse_linux_enterprise_server
|
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
|
CWE-362
Race Condition
|
CVE-2017-14798
|
2024-11-21 12:13 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255517
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14884
|
2024-11-21 12:13 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255518
|
9.8 |
CRITICAL
Network
|
qualcomm
|
mdm9206_firmware
mdm9607_firmware
mdm9650_firmware
s820a_firmware
s820am_firmware
sd_210_firmware
sd_212_firmware
sd_410_firmware
sd_425_firmware
sd_430_firmware
sd_615_…
|
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, S…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14910
|
2024-11-21 12:13 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255519
|
7.5 |
HIGH
Network
|
oxid-esales
|
eshop
|
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2017-14993
|
2024-11-21 12:13 |
2018-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255520
|
6.5 |
MEDIUM
Network
|
netfortris
|
trixbox
|
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
|
CWE-22
Path Traversal
|
CVE-2017-14537
|
2024-11-21 12:13 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
