|
255601
|
5.5 |
MEDIUM
Local
|
artifex
|
ghostscript
|
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected…
|
CWE-200
Information Exposure
|
CVE-2017-15652
|
2024-11-21 12:14 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255602
|
4.8 |
MEDIUM
Network
|
netapp
|
snapcenter_server
|
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15515
|
2024-11-21 12:14 |
2019-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255603
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute ar…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-15428
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255604
|
7.0 |
HIGH
Local
|
google
|
chrome
|
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptoh…
|
CWE-362
Race Condition
|
CVE-2017-15405
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255605
|
7.8 |
HIGH
Local
|
google
|
chrome
|
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2017-15404
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255606
|
7.3 |
HIGH
Local
|
google
|
chrome
|
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute…
|
CWE-77
Command Injection
|
CVE-2017-15403
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255607
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prio…
|
CWE-20
Improper Input Validation
|
CVE-2017-15402
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255608
|
8.8 |
HIGH
Network
|
google
|
chrome
|
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code …
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-15401
|
2024-11-21 12:14 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255609
|
6.5 |
MEDIUM
Network
|
inedo
|
proget
|
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
|
CWE-352
Origin Validation Error
|
CVE-2017-15608
|
2024-11-21 12:14 |
2018-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255610
|
6.1 |
MEDIUM
Network
|
google
debian
redhat
|
chrome
debian_linux
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15429
|
2024-11-21 12:14 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
