|
250251
|
5.3 |
MEDIUM
Network
|
weblate
|
weblate
|
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate use…
|
CWE-200
Information Exposure
|
CVE-2017-5537
|
2024-11-21 12:27 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250252
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number o…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2017-5526
|
2024-11-21 12:27 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250253
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2017-5525
|
2024-11-21 12:27 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250254
|
9.8 |
CRITICAL
Network
|
sawmill
|
sawmill
|
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
|
CWE-200
Information Exposure
|
CVE-2017-5496
|
2024-11-21 12:27 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250255
|
7.5 |
HIGH
Network
|
easycom-aura
|
sql_iplug
|
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.
|
CWE-20
Improper Input Validation
|
CVE-2017-5359
|
2024-11-21 12:27 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250256
|
9.8 |
CRITICAL
Network
|
easycom-aura
|
easycom_for_php
|
Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5358
|
2024-11-21 12:27 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250257
|
5.4 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated u…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5584
|
2024-11-21 12:27 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250258
|
6.5 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2017-5583
|
2024-11-21 12:27 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250259
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
tableau_desktop
tableau_server
wonderware_intelligence
|
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is insta…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2017-5178
|
2024-11-21 12:27 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250260
|
6.1 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5197
|
2024-11-21 12:27 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
