|
249581
|
8.1 |
HIGH
Network
|
drupal
|
drupal
|
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. Th…
|
NVD-CWE-noinfo
|
CVE-2017-6930
|
2024-11-21 12:30 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249582
|
6.1 |
MEDIUM
Network
|
drupal
debian
|
drupal
debian_linux
|
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in or…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6929
|
2024-11-21 12:30 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249583
|
5.3 |
MEDIUM
Network
|
drupal
debian
|
drupal
debian_linux
|
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fa…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-6928
|
2024-11-21 12:30 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249584
|
6.1 |
MEDIUM
Network
|
drupal
debian
|
drupal
debian_linux
|
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (a…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6927
|
2024-11-21 12:30 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249585
|
8.1 |
HIGH
Network
|
drupal
|
drupal
|
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this conte…
|
CWE-200
Information Exposure
|
CVE-2017-6926
|
2024-11-21 12:30 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249586
|
6.4 |
MEDIUM
Local
|
cisco
|
umbrella
|
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in …
|
NVD-CWE-noinfo
|
CVE-2017-6679
|
2024-11-21 12:30 |
2017-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249587
|
6.5 |
MEDIUM
Network
|
cisco
|
sf302-08pp_firmware
sf302-08mpp_firmware
sg300-10pp_firmware
sg300-10mpp_firmware
sf300-24pp_firmware
sf300-48pp_firmware
sg300-28pp_firmware
sf300-08_firmware
sf300-48p_firmw…
|
A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6720
|
2024-11-21 12:30 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249588
|
6.7 |
MEDIUM
Local
|
cisco
|
ios_xe
|
A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrar…
|
CWE-78
OS Command
|
CVE-2017-6796
|
2024-11-21 12:30 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249589
|
4.4 |
MEDIUM
Local
|
cisco
|
ios_xe
|
A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files o…
|
CWE-20
Improper Input Validation
|
CVE-2017-6795
|
2024-11-21 12:30 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249590
|
6.5 |
MEDIUM
Network
|
cisco
|
prime_collaboration_provisioning
|
A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulne…
|
CWE-200
Information Exposure
|
CVE-2017-6793
|
2024-11-21 12:30 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
