NVD List
Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
---|---|---|---|---|---|---|---|---|---|
83285 | CVE-2017-6081 | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. | 2 | 6.8 | Medium | 2017-03-18 | 2017-03-17 | View | |
83284 | CVE-2017-6080 | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. | 2 | 7.5 | High | 2017-03-18 | 2017-03-17 | View | |
83283 | CVE-2017-6062 | The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an OIDCUnAuthAction pass configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 2 | 5 | Medium | 2017-03-18 | 2017-03-04 | View | |
83282 | CVE-2017-6061 | Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | 2 | 4.3 | Medium | 2017-03-18 | 2017-03-16 | View | |
83281 | CVE-2017-6060 | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | 2 | 6.8 | Medium | 2017-07-18 | 2017-06-30 | View |
Page 1016 of 17672, showing 5 records out of 88360 total, starting on record 5076, ending on 5080