| 249001 | 6.1 | MEDIUM | Network | redhat | mobile_application_platform | It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Ap… | CWE-79 Cross-site Scripting | CVE-2017-7554 | 2024-11-21 12:32 | 2017-09-29 |
| 249002 | 6.3 | MEDIUM | Network | redhat | mobile_application_platform | The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpo… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2017-7553 | 2024-11-21 12:32 | 2017-09-29 |
| 249003 | 9.8 | CRITICAL | Network | redhat | mobile_application_platform | A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to … | NVD-CWE-noinfo | CVE-2017-7552 | 2024-11-21 12:32 | 2017-09-29 |
| 249004 | 6.4 | MEDIUM | Local | openstack | instack-undercloud | A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, wher… | - | CVE-2017-7549 | 2024-11-21 12:32 | 2017-09-22 |
| 249005 | 9.1 | CRITICAL | Network | libexif_project | libexif | libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data … | CWE-125 Out-of-bounds Read | CVE-2017-7544 | 2024-11-21 12:32 | 2017-09-22 |
| 249006 | 7.5 | HIGH | Network | rockwellautomation | 1763-l16bwa_firmware, 1763-l16awa_firmware, 1763-l16bbb_firmware, 1763-l16dwd_firmware | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s… | CWE-20 Improper Input Validation | CVE-2017-7924 | 2024-11-21 12:32 | 2017-09-21 |
| 249007 | 7.5 | HIGH | Network | redhat | jboss_enterprise_application_platform | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | CWE-444 HTTP Request Smuggling | CVE-2017-7561 | 2024-11-21 12:32 | 2017-09-14 |
| 249008 | 5.5 | MEDIUM | Local | redhat | rhnsd | It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-7560 | 2024-11-21 12:32 | 2017-09-14 |
| 249009 | 5.4 | MEDIUM | Network | fortinet | fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while c… | CWE-79 Cross-site Scripting | CVE-2017-7735 | 2024-11-21 12:32 | 2017-09-12 |
| 249010 | 5.4 | MEDIUM | Network | fortinet | fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | CWE-79 Cross-site Scripting | CVE-2017-7734 | 2024-11-21 12:32 | 2017-09-12 |