|
254941
|
7.8 |
HIGH
Local
|
netpbm_project
|
netpbm
|
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-2580
|
2024-11-21 12:23 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254942
|
7.8 |
HIGH
Local
|
netpbm_project
|
netpbm
|
An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the appli…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-2579
|
2024-11-21 12:23 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254943
|
7.5 |
HIGH
Network
|
redhat
debian
|
undertow
debian_linux
jboss_enterprise_application_platform
|
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-2670
|
2024-11-21 12:23 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254944
|
6.5 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
|
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
|
CWE-22
Path Traversal
|
CVE-2017-2595
|
2024-11-21 12:23 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254945
|
7.5 |
HIGH
Network
|
redhat
|
cloudforms
cloudforms_management_engine
|
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenSh…
|
-
|
CVE-2017-2639
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254946
|
6.5 |
MEDIUM
Network
|
redhat
debian
|
undertow
jboss_enterprise_application_platform
debian_linux
|
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid charac…
|
CWE-444
HTTP Request Smuggling
|
CVE-2017-2666
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254947
|
5.5 |
MEDIUM
Local
|
redhat
|
openstack
|
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access…
|
-
|
CVE-2017-2622
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254948
|
6.5 |
MEDIUM
Network
|
redhat
|
keycloak
jboss_enterprise_application_platform
|
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an a…
|
CWE-200
Information Exposure
|
CVE-2017-2582
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254949
|
9.0 |
CRITICAL
Network
|
redhat
hawt
|
jboss_fuse
hawtio
|
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and …
|
NVD-CWE-noinfo
|
CVE-2017-2589
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254950
|
6.5 |
MEDIUM
Network
|
redhat
|
cloudforms
cloudforms_management_engine
|
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a vari…
|
NVD-CWE-noinfo
|
CVE-2017-2664
|
2024-11-21 12:23 |
2018-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
