|
256591
|
5.9 |
MEDIUM
Network
|
infineon
|
trusted_platform_firmware
rsa_library
|
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 13…
|
NVD-CWE-noinfo
|
CVE-2017-15361
|
2024-11-21 12:14 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256592
|
6.1 |
MEDIUM
Network
|
wpjobboard
|
wpjobboard
|
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15375
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256593
|
6.1 |
MEDIUM
Network
|
shopware
|
shopware
|
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script c…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15374
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256594
|
7.8 |
HIGH
Local
|
cpuid
|
cpu-z
|
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, be…
|
NVD-CWE-noinfo
|
CVE-2017-15302
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256595
|
7.5 |
HIGH
Network
|
mirasys
|
video_management_system
|
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-15290
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256596
|
6.1 |
MEDIUM
Network
|
bouqueteditor_project
|
bouqueteditor
|
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15287
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256597
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15268
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256598
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-22
Path Traversal
|
CVE-2017-15276
|
2024-11-21 12:14 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256599
|
7.5 |
HIGH
Network
|
sqlite
|
sqlite
|
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never in…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15286
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256600
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15284
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
