|
248721
|
8.8 |
HIGH
Network
|
osisoft
|
pi_web_api
|
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-u…
|
CWE-352
Origin Validation Error
|
CVE-2017-7926
|
2024-11-21 12:32 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248722
|
8.8 |
HIGH
Network
|
powerdns
|
dnsdist
|
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
|
CWE-352
Origin Validation Error
|
CVE-2017-7557
|
2024-11-21 12:32 |
2017-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248723
|
8.8 |
HIGH
Network
|
hawt
|
hawtio
|
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted …
|
CWE-352
Origin Validation Error
|
CVE-2017-7556
|
2024-11-21 12:32 |
2017-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248724
|
9.8 |
CRITICAL
Network
|
augeas
|
augeas
|
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the applicatio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7555
|
2024-11-21 12:32 |
2017-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248725
|
9.8 |
CRITICAL
Network
|
fedoraproject
|
389_directory_server
|
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
|
-
|
CVE-2017-7551
|
2024-11-21 12:32 |
2017-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248726
|
7.5 |
HIGH
Network
|
postgresql
debian
|
postgresql
debian_linux
|
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents o…
|
NVD-CWE-noinfo
|
CVE-2017-7548
|
2024-11-21 12:32 |
2017-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248727
|
8.8 |
HIGH
Network
|
postgresql
|
postgresql
|
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by…
|
NVD-CWE-noinfo
|
CVE-2017-7547
|
2024-11-21 12:32 |
2017-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248728
|
9.8 |
CRITICAL
Network
|
postgresql
debian
|
postgresql
debian_linux
|
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
|
CWE-287
Improper Authentication
|
CVE-2017-7546
|
2024-11-21 12:32 |
2017-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248729
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypa…
|
CWE-22
Path Traversal
|
CVE-2017-7675
|
2024-11-21 12:32 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248730
|
4.3 |
MEDIUM
Network
|
apache
|
tomcat
|
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Orig…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-7674
|
2024-11-21 12:32 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
