|
258511
|
7.5 |
HIGH
Network
|
freeipa
|
freeipa
|
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to…
|
CWE-200
Information Exposure
|
CVE-2017-12169
|
2024-11-21 12:08 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258512
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11698
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258513
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted ce…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11697
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258514
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11696
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258515
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted ce…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11695
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258516
|
5.4 |
MEDIUM
Network
|
synology
|
photo_station
|
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id par…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12072
|
2024-11-21 12:08 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258517
|
8.8 |
HIGH
Network
|
mt4
|
senhasegura
|
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.
|
CWE-384
Session Fixation
|
CVE-2017-11562
|
2024-11-21 12:08 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258518
|
6.5 |
MEDIUM
Network
|
microsoft
|
office
|
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu…
|
CWE-200
Information Exposure
|
CVE-2017-11939
|
2024-11-21 12:08 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258519
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_enterprise_server
|
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
|
CWE-20
Improper Input Validation
|
CVE-2017-11936
|
2024-11-21 12:08 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258520
|
7.8 |
HIGH
Local
|
microsoft
|
office
|
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11935
|
2024-11-21 12:08 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
