|
249881
|
8.8 |
HIGH
Network
|
netiq microfocus
|
edirectory
|
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iM…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7429
|
2024-11-21 12:31 |
2018-03-3 |
|
249882
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross-site scripting attacks due to an unescaped "description" field that could be specified by the provider.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7419
|
2024-11-21 12:31 |
2018-03-3 |
|
249883
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7436
|
2024-11-21 12:31 |
2018-03-2 |
|
249884
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to add unsigned YUM repositories without a warning to the user, which could allow man-in-the-middle attackers or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7435
|
2024-11-21 12:31 |
2018-03-2 |
|
249885
|
9.1 |
CRITICAL
Network
|
netiq
|
identity_manager
|
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
|
CWE-611
XXE
|
CVE-2017-7426
|
2024-11-21 12:31 |
2018-03-2 |
|
249886
|
9.8 |
CRITICAL
Network
|
xmlsoft google debian
|
libxml2 android debian_linux
|
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7376
|
2024-11-21 12:31 |
2018-02-20 |
|
249887
|
9.8 |
CRITICAL
Network
|
xmlsoft debian google
|
libxml2 debian_linux android
|
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD …
|
CWE-611
XXE
|
CVE-2017-7375
|
2024-11-21 12:31 |
2018-02-20 |
|
249888
|
8.8 |
HIGH
Network
|
vanderbilt
|
redcap
|
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
|
CWE-89
SQL Injection
|
CVE-2017-7351
|
2024-11-21 12:31 |
2018-02-9 |
|
249889
|
7.8 |
HIGH
Local
|
yandex
|
yandex_browser
|
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
|
CWE-426
Untrusted Search Path
|
CVE-2017-7327
|
2024-11-21 12:31 |
2018-01-20 |
|
249890
|
7.5 |
HIGH
Network
|
yandex
|
yandex_browser
|
A race condition in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.
|
CWE-362
Race Condition
|
CVE-2017-7326
|
2024-11-21 12:31 |
2018-01-20 |