|
251191
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem conten…
|
CWE-200
Information Exposure
|
CVE-2017-5011
|
2024-11-21 12:26 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251192
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5010
|
2024-11-21 12:26 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251193
|
8.8 |
HIGH
Network
|
google
|
chrome
|
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5009
|
2024-11-21 12:26 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251194
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script metho…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5008
|
2024-11-21 12:26 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251195
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker …
|
CWE-79
Cross-site Scripting
|
CVE-2017-5007
|
2024-11-21 12:26 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251196
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5006
|
2024-11-21 12:26 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251197
|
8.8 |
HIGH
Local
|
cisco
|
unified_computing_system_director
|
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privil…
|
CWE-863
Incorrect Authorization
|
CVE-2017-3801
|
2024-11-21 12:26 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251198
|
5.4 |
MEDIUM
Network
|
mcafee
|
epolicy_orchestrator
|
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing …
|
CWE-79
Cross-site Scripting
|
CVE-2017-3902
|
2024-11-21 12:26 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251199
|
5.9 |
MEDIUM
Network
|
mcafee
|
mcafee_agent
|
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters v…
|
CWE-20
Improper Input Validation
|
CVE-2017-3896
|
2024-11-21 12:26 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251200
|
7.8 |
HIGH
Local
|
cisco
|
anyconnect_secure_mobility_client
|
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th…
|
CWE-862
Missing Authorization
|
CVE-2017-3813
|
2024-11-21 12:26 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
