|
257241
|
7.5 |
HIGH
Network
|
iceqube
|
thermal_management_center_firmware
|
In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.
|
CWE-287
Improper Authentication
|
CVE-2017-14026
|
2024-11-21 12:11 |
2018-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257242
|
6.5 |
MEDIUM
Network
|
netapp
|
oncommand_insight
|
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.
|
CWE-20
Improper Input Validation
|
CVE-2017-13652
|
2024-11-21 12:11 |
2018-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257243
|
4.6 |
MEDIUM
Physics
|
bostonscientific
|
zoom_latitude_prm_3120_firmware
|
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14014
|
2024-11-21 12:11 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257244
|
4.6 |
MEDIUM
Physics
|
bostonscientific
|
zoom_latitude_prm_3120_firmware
|
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-14012
|
2024-11-21 12:11 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257245
|
7.8 |
HIGH
Local
|
spidercontrol
|
scada_microbrowser
|
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-14010
|
2024-11-21 12:11 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257246
|
4.8 |
MEDIUM
Network
|
broadcom
|
advanced_secure_gateway
symantec_proxysg
|
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management cons…
|
CWE-79
Cross-site Scripting
|
CVE-2017-13678
|
2024-11-21 12:11 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257247
|
7.5 |
HIGH
Network
|
broadcom
|
advanced_secure_gateway
symantec_proxysg
|
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service t…
|
NVD-CWE-noinfo
|
CVE-2017-13677
|
2024-11-21 12:11 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257248
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. …
|
CWE-416
Use After Free
|
CVE-2017-13272
|
2024-11-21 12:11 |
2018-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257249
|
7.3 |
HIGH
Network
|
google
|
android
|
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.
|
NVD-CWE-noinfo
|
CVE-2017-13271
|
2024-11-21 12:11 |
2018-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257250
|
7.3 |
HIGH
Network
|
google
|
android
|
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.
|
NVD-CWE-noinfo
|
CVE-2017-13270
|
2024-11-21 12:11 |
2018-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
