|
249281
|
6.8 |
MEDIUM
Physics
|
apple
|
mac_os_x
|
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking p…
|
NVD-CWE-noinfo
|
CVE-2017-7070
|
2024-11-21 12:31 |
2018-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249282
|
6.5 |
MEDIUM
Adjacent
|
apple
|
iphone_os
tvos
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of se…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7066
|
2024-11-21 12:31 |
2018-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249283
|
8.8 |
HIGH
Adjacent
|
apple
|
mac_os_x
iphone_os
tvos
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7065
|
2024-11-21 12:31 |
2018-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249284
|
6.1 |
MEDIUM
Network
|
netiq
|
privileged_account_manager
|
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7437
|
2024-11-21 12:31 |
2018-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249285
|
6.1 |
MEDIUM
Network
|
netiq
|
identity_manager
|
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2017-7427
|
2024-11-21 12:31 |
2018-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249286
|
6.1 |
MEDIUM
Network
|
netiq
|
privileged_account_manager
|
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7438
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249287
|
9.8 |
CRITICAL
Network
|
netiq
|
identity_manager
|
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-7434
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249288
|
8.8 |
HIGH
Network
|
netiq
microfocus
|
edirectory
|
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iM…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7429
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249289
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7419
|
2024-11-21 12:31 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249290
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7436
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
