NVD List

| Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date |
|---|---|---|---|---|---|---|---|---|
| 83285 | CVE-2017-6081 | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. | | | 6.8 | Medium | 2017-03-18 | 2017-03-17 |
| 83284 | CVE-2017-6080 | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. | | | 7.5 | High | 2017-03-18 | 2017-03-17 |
| 83283 | CVE-2017-6062 | The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an OIDCUnAuthAction pass configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | | | | Medium | 2017-03-18 | 2017-03-04 |
| 83282 | CVE-2017-6061 | Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | | | 4.3 | Medium | 2017-03-18 | 2017-03-16 |
| 83281 | CVE-2017-6060 | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | | | 6.8 | Medium | 2017-07-18 | 2017-06-30 |
