|
248501
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiportal
|
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
|
CWE-20
Improper Input Validation
|
CVE-2017-7342
|
2024-11-21 12:31 |
2019-03-26 |
|
248502
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView …
|
CWE-79
Cross-site Scripting
|
CVE-2017-7340
|
2024-11-21 12:31 |
2019-03-26 |
|
248503
|
7.8 |
HIGH
Local
|
linux debian redhat
|
linux_kernel debian_linux enterprise_mrg
|
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7482
|
2024-11-21 12:31 |
2018-07-30 |
|
248504
|
6.1 |
MEDIUM
Network
|
redhat
|
jboss_bpm_suite
|
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7463
|
2024-11-21 12:31 |
2018-07-28 |
|
248505
|
9.8 |
CRITICAL
Network
|
redhat
|
spacewalk satellite
|
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
|
-
|
CVE-2017-7470
|
2024-11-21 12:31 |
2018-07-27 |
|
248506
|
9.8 |
CRITICAL
Network
|
redhat
|
jboss_enterprise_application_platform
|
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosu…
|
-
|
CVE-2017-7464
|
2024-11-21 12:31 |
2018-07-27 |
|
248507
|
9.8 |
CRITICAL
Network
|
redhat canonical debian
|
storage_console virtualization_manager virtualization openshift_container_platform openstack gluster_storage ansible_engine ubuntu_linux debian_linux
|
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be…
|
-
|
CVE-2017-7481
|
2024-11-21 12:31 |
2018-07-19 |
|
248508
|
7.5 |
HIGH
Network
|
haxx
|
libcurl
|
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is a…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7468
|
2024-11-21 12:31 |
2018-07-16 |
|
248509
|
9.8 |
CRITICAL
Network
|
minicom_project
|
minicom
|
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbit…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7467
|
2024-11-21 12:31 |
2018-07-11 |
|
248510
|
9.0 |
CRITICAL
Adjacent
|
qemu
|
qemu
|
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7471
|
2024-11-21 12:31 |
2018-07-9 |
|