|
247901
|
9.1 |
CRITICAL
Network
|
varnish-cache
varnish_cache_project
debian
|
varnish
varnish_cache
debian_linux
|
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a V…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8807
|
2024-11-21 12:34 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247902
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
CWE-20
Improper Input Validation
|
CVE-2017-8815
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247903
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
CWE-20
Improper Input Validation
|
CVE-2017-8814
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247904
|
5.3 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
NVD-CWE-noinfo
|
CVE-2017-8812
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247905
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
|
CWE-20
Improper Input Validation
|
CVE-2017-8811
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247906
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the userna…
|
CWE-200
Information Exposure
|
CVE-2017-8810
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247907
|
9.8 |
CRITICAL
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
|
CWE-74
Injection
|
CVE-2017-8809
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247908
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8808
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247909
|
7.5 |
HIGH
Network
|
microsoft
|
asp.net_core
|
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Infor…
|
NVD-CWE-noinfo
|
CVE-2017-8700
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247910
|
5.5 |
MEDIUM
Local
|
postgresql
|
postgresql
|
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debia…
|
CWE-59
Link Following
|
CVE-2017-8806
|
2024-11-21 12:34 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
