|
265481
|
8.8 |
HIGH
Network
|
odoo
|
odoo
|
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OA…
|
CWE-863
Incorrect Authorization
|
CVE-2017-10805
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265482
|
9.8 |
CRITICAL
Network
|
odoo
|
odoo
|
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 c…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-10804
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265483
|
6.5 |
MEDIUM
Local
|
odoo
|
odoo
|
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-10803
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265484
|
9.8 |
CRITICAL
Network
|
jabberd2
|
jabberd2
|
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
|
CWE-287
Improper Authentication
|
CVE-2017-10807
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265485
|
6.1 |
MEDIUM
Network
|
objectplanet
|
opinio
|
In ObjectPlanet Opinio before 7.6.4, there is XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10798
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265486
|
5.5 |
MEDIUM
Local
|
graphicsmagick
|
graphicsmagick
|
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-10800
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265487
|
5.5 |
MEDIUM
Local
|
graphicsmagick
|
graphicsmagick
|
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-10799
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265488
|
6.5 |
MEDIUM
Adjacent
|
tp-link
|
nc250_firmware
|
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
|
CWE-287
Improper Authentication
|
CVE-2017-10796
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265489
|
5.5 |
MEDIUM
Local
|
graphicsmagick
|
graphicsmagick
|
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10794
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265490
|
6.1 |
MEDIUM
Network
|
intelliants
|
subrion
|
Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10795
|
2024-11-21 12:06 |
2017-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
