|
249181
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7288
|
2024-11-21 12:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249182
|
5.5 |
MEDIUM
Local
|
cairographics
|
cairo
|
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7475
|
2024-11-21 12:31 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249183
|
6.5 |
MEDIUM
Network
|
micro_focus
|
vibe
|
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr…
|
CWE-22
Path Traversal
|
CVE-2017-7433
|
2024-11-21 12:31 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249184
|
6.5 |
MEDIUM
Network
|
openvpn
|
openvpn
|
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
|
CWE-617
Reachable Assertion
|
CVE-2017-7479
|
2024-11-21 12:31 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249185
|
7.5 |
HIGH
Network
|
openvpn
|
openvpn
|
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
|
CWE-20
Improper Input Validation
|
CVE-2017-7478
|
2024-11-21 12:31 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249186
|
10.0 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-7213
|
2024-11-21 12:31 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249187
|
7.5 |
HIGH
Network
|
postgresql
|
postgresql
|
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
|
CWE-200
Information Exposure
|
CVE-2017-7486
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249188
|
5.9 |
MEDIUM
Network
|
postgresql
|
postgresql
|
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connectio…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-7485
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249189
|
7.5 |
HIGH
Network
|
postgresql
|
postgresql
|
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges…
|
CWE-200
Information Exposure
|
CVE-2017-7484
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249190
|
9.8 |
CRITICAL
Network
|
keycloak
|
keycloak-nodejs-auth-utils
|
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, …
|
NVD-CWE-noinfo
|
CVE-2017-7474
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
