|
255481
|
8.8 |
HIGH
Network
|
cloudera
|
cloudera_manager
|
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those…
|
CWE-269
Improper Privilege Management
|
CVE-2017-7399
|
2024-11-21 12:31 |
2019-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255482
|
7.5 |
HIGH
Network
|
php
|
php
|
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later tr…
|
CWE-20
Improper Input Validation
|
CVE-2017-7189
|
2024-11-21 12:31 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255483
|
7.0 |
HIGH
Local
|
apple
|
iphone_os
mac_os_x
watchos
tvos
itunes
|
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sie…
|
CWE-362
Race Condition
|
CVE-2017-7151
|
2024-11-21 12:31 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255484
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiportal
|
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
|
CWE-20
Improper Input Validation
|
CVE-2017-7342
|
2024-11-21 12:31 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255485
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView …
|
CWE-79
Cross-site Scripting
|
CVE-2017-7340
|
2024-11-21 12:31 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255486
|
7.8 |
HIGH
Local
|
linux
debian
redhat
|
linux_kernel
debian_linux
enterprise_mrg
|
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7482
|
2024-11-21 12:31 |
2018-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255487
|
6.1 |
MEDIUM
Network
|
redhat
|
jboss_bpm_suite
|
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7463
|
2024-11-21 12:31 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255488
|
9.8 |
CRITICAL
Network
|
redhat
|
spacewalk
satellite
|
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
|
-
|
CVE-2017-7470
|
2024-11-21 12:31 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255489
|
9.8 |
CRITICAL
Network
|
redhat
|
jboss_enterprise_application_platform
|
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosu…
|
-
|
CVE-2017-7464
|
2024-11-21 12:31 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255490
|
9.8 |
CRITICAL
Network
|
redhat
canonical
debian
|
storage_console
virtualization_manager
virtualization
openshift_container_platform
openstack
gluster_storage
ansible_engine
ubuntu_linux
debian_linux
|
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be…
|
-
|
CVE-2017-7481
|
2024-11-21 12:31 |
2018-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
