| 252461 | 8.1 | HIGH Network | backintime_project | backintime | The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condi… | CWE-362 Race Condition | CVE-2017-7572 | 2024-11-21 12:32 | 2017-04-7 |
| 252462 | 7.5 | HIGH Network | botan_project | botan | bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2017-7252 | 2024-11-21 12:31 | 2023-11-3 |
| 252463 | 8.8 | HIGH Network | cloudera | cloudera_manager | Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those… | CWE-269 Improper Privilege Management | CVE-2017-7399 | 2024-11-21 12:31 | 2019-11-27 |
| 252464 | 7.5 | HIGH Network | php | php | main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later tr… | CWE-20 Improper Input Validation | CVE-2017-7189 | 2024-11-21 12:31 | 2019-07-11 |
| 252465 | 7.0 | HIGH Local | apple | iphone_os mac_os_x watchos tvos itunes | A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sie… | CWE-362 Race Condition | CVE-2017-7151 | 2024-11-21 12:31 | 2019-04-4 |
| 252466 | 9.8 | CRITICAL Network | fortinet | fortiportal | A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | CWE-20 Improper Input Validation | CVE-2017-7342 | 2024-11-21 12:31 | 2019-03-26 |
| 252467 | 6.1 | MEDIUM Network | fortinet | fortiportal | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView … | CWE-79 Cross-site Scripting | CVE-2017-7340 | 2024-11-21 12:31 | 2019-03-26 |
| 252468 | 7.8 | HIGH Local | linux debian redhat | linux_kernel debian_linux enterprise_mrg | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the … | CWE-190 Integer Overflow or Wraparound | CVE-2017-7482 | 2024-11-21 12:31 | 2018-07-30 |
| 252469 | 6.1 | MEDIUM Network | redhat | jboss_bpm_suite | JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML… | CWE-79 Cross-site Scripting | CVE-2017-7463 | 2024-11-21 12:31 | 2018-07-28 |
| 252470 | 9.8 | CRITICAL Network | redhat | spacewalk satellite | It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | - | CVE-2017-7470 | 2024-11-21 12:31 | 2018-07-27 |