|
250441
|
6.6 |
MEDIUM
Local
|
schneider-electric
|
wonderware_historian_client
|
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XM…
|
CWE-611
XXE
|
CVE-2017-7907
|
2024-11-21 12:32 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250442
|
9.8 |
CRITICAL
Network
|
redhat
|
jboss_enterprise_application_platform
|
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil…
|
CWE-611
XXE
|
CVE-2017-7503
|
2024-11-21 12:32 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250443
|
7.8 |
HIGH
Local
|
qemu
debian
|
qemu
debian_linux
|
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs meta…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7493
|
2024-11-21 12:32 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250444
|
4.3 |
MEDIUM
Network
|
authconfig_project
|
authconfig
|
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
|
CWE-200
Information Exposure
|
CVE-2017-7488
|
2024-11-21 12:32 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250445
|
8.8 |
HIGH
Network
|
apache
|
cxf_fediz
|
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross …
|
CWE-352
Origin Validation Error
|
CVE-2017-7662
|
2024-11-21 12:32 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250446
|
8.8 |
HIGH
Network
|
apache
|
cxf_fediz
|
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, S…
|
CWE-352
Origin Validation Error
|
CVE-2017-7661
|
2024-11-21 12:32 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250447
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from ot…
|
CWE-200
Information Exposure
|
CVE-2017-7495
|
2024-11-21 12:32 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250448
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
|
CWE-352
Origin Validation Error
|
CVE-2017-7491
|
2024-11-21 12:32 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250449
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-7490
|
2024-11-21 12:32 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250450
|
6.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
|
CWE-269
Improper Privilege Management
|
CVE-2017-7489
|
2024-11-21 12:32 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
