| 251301 | 6.5 | MEDIUM Network | apache | oozie | Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file contain… | CWE-22 Path Traversal | CVE-2017-15712 | 2024-11-21 12:15 | 2018-02-19 |
| 251302 | 6.5 | MEDIUM Network | apache | qpid_dispatch | A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Q… | CWE-20 Improper Input Validation | CVE-2017-15699 | 2024-11-21 12:15 | 2018-02-14 |
| 251303 | 3.7 | LOW Network | apache | activemq | When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | CWE-200 Information Exposure | CVE-2017-15709 | 2024-11-21 12:15 | 2018-02-14 |
| 251304 | 8.8 | HIGH Network | borgbackup | borg | Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. | NVD-CWE-noinfo | CVE-2017-15914 | 2024-11-21 12:15 | 2018-02-9 |
| 251305 | 5.3 | MEDIUM Network | apache | tomcat | As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorit… | CWE-358 Improperly Implemented Security Check for Standard | CVE-2017-15706 | 2024-11-21 12:15 | 2018-01-31 |
| 251306 | 5.9 | MEDIUM Network | apache debian | tomcat_native debian_linux | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of … | CWE-295 Improper Certificate Validation | CVE-2017-15698 | 2024-11-21 12:15 | 2018-01-31 |
| 251307 | 5.0 | MEDIUM Local | apache | nifi | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. Th… | CWE-502 Deserialization of Untrusted Data | CVE-2017-15703 | 2024-11-21 12:15 | 2018-01-26 |
| 251308 | 9.8 | CRITICAL Network | apache | hadoop | The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. | NVD-CWE-noinfo | CVE-2017-15718 | 2024-11-21 12:15 | 2018-01-24 |
| 251309 | 9.8 | CRITICAL Network | apache | nifi | A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on … | CWE-20 Improper Input Validation | CVE-2017-15697 | 2024-11-21 12:15 | 2018-01-24 |
| 251310 | 6.5 | MEDIUM Network | apache | hadoop | Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce … | CWE-200 Information Exposure | CVE-2017-15713 | 2024-11-21 12:15 | 2018-01-20 |