| 248261 | 8.8 | HIGH Network | powerdns | dnsdist | dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack. | CWE-352 Origin Validation Error | CVE-2017-7557 | 2024-11-21 12:32 | 2017-08-22 |
| 248262 | 8.8 | HIGH Network | hawt | hawtio | Hawtio versions up to and including 1.5.3 are vulnerable to a CSRF vulnerability allowing remote attackers to trick the user into visiting their website containing a malicious script which can be submitted … | CWE-352 Origin Validation Error | CVE-2017-7556 | 2024-11-21 12:32 | 2017-08-18 |
| 248263 | 9.8 | CRITICAL Network | augeas | augeas | Augeas versions up to and including 1.8.0 are vulnerable to a heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the applicatio… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7555 | 2024-11-21 12:32 | 2017-08-18 |
| 248264 | 9.8 | CRITICAL Network | fedoraproject | 389_directory_server | 389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | - | CVE-2017-7551 | 2024-11-21 12:32 | 2017-08-17 |
| 248265 | 7.5 | HIGH Network | postgresql debian | postgresql debian_linux | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents o… | NVD-CWE-noinfo | CVE-2017-7548 | 2024-11-21 12:32 | 2017-08-17 |
| 248266 | 8.8 | HIGH Network | postgresql | postgresql | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by… | NVD-CWE-noinfo | CVE-2017-7547 | 2024-11-21 12:32 | 2017-08-17 |
| 248267 | 9.8 | CRITICAL Network | postgresql debian | postgresql debian_linux | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | CWE-287 Improper Authentication | CVE-2017-7546 | 2024-11-21 12:32 | 2017-08-17 |
| 248268 | 7.5 | HIGH Network | apache | tomcat | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypa… | CWE-22 Path Traversal | CVE-2017-7675 | 2024-11-21 12:32 | 2017-08-11 |
| 248269 | 4.3 | MEDIUM Network | apache | tomcat | The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Orig… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2017-7674 | 2024-11-21 12:32 | 2017-08-11 |
| 248270 | 4.9 | MEDIUM Network | fortinet | fortiweb | An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows a logged-in admin user to view the SNMPv3 user password in cleartext in the web UI via the HTML source code. | CWE-200 CWE-552 Information Exposure Files or Directories Accessible to External Parties | CVE-2017-7737 | 2024-11-21 12:32 | 2017-08-11 |