|
246771
|
6.5 |
MEDIUM
Network
|
apache
|
geode
|
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could …
|
CWE-200
Information Exposure
|
CVE-2017-9797
|
2024-11-21 12:36 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246772
|
4.9 |
MEDIUM
Network
|
solarwinds
|
network_performance_monitor
|
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit…
|
CWE-20
Improper Input Validation
|
CVE-2017-9538
|
2024-11-21 12:36 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246773
|
4.8 |
MEDIUM
Network
|
solarwinds
|
network_performance_monitor
|
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various v…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9537
|
2024-11-21 12:36 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246774
|
4.3 |
MEDIUM
Network
|
apache
|
geode
|
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query res…
|
CWE-200
Information Exposure
|
CVE-2017-9794
|
2024-11-21 12:36 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246775
|
7.5 |
HIGH
Network
|
apache
|
mesos
|
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, bec…
|
CWE-416
Use After Free
|
CVE-2017-9790
|
2024-11-21 12:36 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246776
|
6.1 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as …
|
CWE-79
Cross-site Scripting
|
CVE-2017-9551
|
2024-11-21 12:36 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246777
|
9.8 |
CRITICAL
Network
|
ca
|
identity_manager_virtual_appliance
identity_manager
|
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
|
CWE-200
Information Exposure
|
CVE-2017-9393
|
2024-11-21 12:36 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246778
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed wh…
|
CWE-682
Incorrect Calculation
|
CVE-2017-9725
|
2024-11-21 12:36 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246779
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writ…
|
CWE-269
Improper Privilege Management
|
CVE-2017-9724
|
2024-11-21 12:36 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246780
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.
|
CWE-193
Off-by-one Error
|
CVE-2017-9720
|
2024-11-21 12:36 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
