|
248131
|
9.8 |
CRITICAL
Network
|
apache
netapp
redhat
oracle
|
log4j
snapcenter
storage_automation_store
oncommand_workflow_automation
oncommand_insight
service_level_manager
oncommand_api_services
enterprise_linux_desktop
enterprise_linu…
|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5645
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248132
|
7.5 |
HIGH
Network
|
apache
|
traffic_server
|
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
|
CWE-20
Improper Input Validation
|
CVE-2017-5659
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248133
|
9.8 |
CRITICAL
Network
|
apache
|
tomcat
|
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, …
|
NVD-CWE-noinfo
|
CVE-2017-5651
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248134
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting f…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-5650
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248135
|
9.1 |
CRITICAL
Network
|
apache
|
tomcat
|
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-5648
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248136
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in…
|
CWE-200
Information Exposure
|
CVE-2017-5647
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248137
|
7.5 |
HIGH
Network
|
canonical
openstack
|
ubuntu_linux
nova-lxd
|
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restriction…
|
NVD-CWE-noinfo
|
CVE-2017-5936
|
2024-11-21 12:28 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248138
|
4.7 |
MEDIUM
Local
|
xmlsoft
|
libxml2
|
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-5969
|
2024-11-21 12:28 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248139
|
6.7 |
MEDIUM
Local
|
unisys
|
secure_partitioning
|
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-5873
|
2024-11-21 12:28 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248140
|
6.5 |
MEDIUM
Network
|
kony
|
enterprise_mobile_management
|
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
|
CWE-200
Information Exposure
|
CVE-2017-5672
|
2024-11-21 12:28 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
