|
250961
|
9.8 |
CRITICAL
Network
|
mozilla
|
network_security_services
|
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-5461
|
2024-11-21 12:27 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250962
|
6.5 |
MEDIUM
Network
|
tibco
|
spotfire_server
spotfire_analytics_platform_for_aws
|
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier cont…
|
CWE-89
SQL Injection
|
CVE-2017-5527
|
2024-11-21 12:27 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250963
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
|
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
|
CWE-200
Information Exposure
|
CVE-2017-5481
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250964
|
7.5 |
HIGH
Network
|
rapid7
|
appspider_pro
|
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of servi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5240
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250965
|
7.8 |
HIGH
Local
|
rapid7
|
appspider_pro
|
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current w…
|
CWE-426
Untrusted Search Path
|
CVE-2017-5236
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250966
|
9.1 |
CRITICAL
Network
|
technicolor
|
dpc3928sl_firmware
|
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c34…
|
NVD-CWE-noinfo
|
CVE-2017-5135
|
2024-11-21 12:27 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250967
|
7.5 |
HIGH
Network
|
netiq
novell
|
edirectory
imanager
|
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the de…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-5186
|
2024-11-21 12:27 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250968
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5191
|
2024-11-21 12:27 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250969
|
5.3 |
MEDIUM
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security witho…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-5160
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250970
|
9.8 |
CRITICAL
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parame…
|
CWE-200
Information Exposure
|
CVE-2017-5158
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
