|
254981
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7436
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254982
|
8.1 |
HIGH
Network
|
opensuse
|
libzypp
|
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into…
|
CWE-20
Improper Input Validation
|
CVE-2017-7435
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254983
|
9.1 |
CRITICAL
Network
|
netiq
|
identity_manager
|
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
|
CWE-611
XXE
|
CVE-2017-7426
|
2024-11-21 12:31 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254984
|
9.8 |
CRITICAL
Network
|
xmlsoft
google
debian
|
libxml2
android
debian_linux
|
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7376
|
2024-11-21 12:31 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254985
|
9.8 |
CRITICAL
Network
|
xmlsoft
debian
google
|
libxml2
debian_linux
android
|
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD …
|
CWE-611
XXE
|
CVE-2017-7375
|
2024-11-21 12:31 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254986
|
8.8 |
HIGH
Network
|
vanderbilt
|
redcap
|
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
|
CWE-89
SQL Injection
|
CVE-2017-7351
|
2024-11-21 12:31 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254987
|
7.8 |
HIGH
Local
|
yandex
|
yandex_browser
|
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
|
CWE-426
Untrusted Search Path
|
CVE-2017-7327
|
2024-11-21 12:31 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254988
|
7.5 |
HIGH
Network
|
yandex
|
yandex_browser
|
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page
|
CWE-362
Race Condition
|
CVE-2017-7326
|
2024-11-21 12:31 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254989
|
7.5 |
HIGH
Network
|
yandex
|
yandex_browser
|
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
|
CWE-20
Improper Input Validation
|
CVE-2017-7325
|
2024-11-21 12:31 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254990
|
7.8 |
HIGH
Local
|
apple
|
mac_os_x
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7163
|
2024-11-21 12:31 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
