|
248261
|
9.1 |
CRITICAL
Network
|
fortinet
|
fortiportal
|
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen ses…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7337
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248262
|
7.5 |
HIGH
Network
|
netapp
|
oncommand_unified_manager_core_package
|
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
|
CWE-200
Information Exposure
|
CVE-2017-7439
|
2024-11-21 12:31 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248263
|
7.5 |
HIGH
Network
|
netapp
|
oncommand_unified_manager_core_package
|
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2017-7236
|
2024-11-21 12:31 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248264
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7288
|
2024-11-21 12:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248265
|
5.5 |
MEDIUM
Local
|
cairographics
|
cairo
|
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7475
|
2024-11-21 12:31 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248266
|
6.5 |
MEDIUM
Network
|
micro_focus
|
vibe
|
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr…
|
CWE-22
Path Traversal
|
CVE-2017-7433
|
2024-11-21 12:31 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248267
|
6.5 |
MEDIUM
Network
|
openvpn
|
openvpn
|
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
|
CWE-617
Reachable Assertion
|
CVE-2017-7479
|
2024-11-21 12:31 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248268
|
7.5 |
HIGH
Network
|
openvpn
|
openvpn
|
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
|
CWE-20
Improper Input Validation
|
CVE-2017-7478
|
2024-11-21 12:31 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248269
|
10.0 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-7213
|
2024-11-21 12:31 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248270
|
7.5 |
HIGH
Network
|
postgresql
|
postgresql
|
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
|
CWE-200
Information Exposure
|
CVE-2017-7486
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
