| 248111 | 6.5 | MEDIUM Network | libbpg_project | libbpg | A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeare… | CWE-476 NULL Pointer Dereference | CVE-2017-2575 | 2024-11-21 12:23 | 2018-08-23 |
| 248112 | 8.2 | HIGH Local | redhat openstack | openstack tripleo-common | A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. … | CWE-22 Path Traversal | CVE-2017-2627 | 2024-11-21 12:23 | 2018-08-23 |
| 248113 | 4.3 | MEDIUM Network | theforeman | katello | A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respe… | - | CVE-2017-2662 | 2024-11-21 12:23 | 2018-08-23 |
| 248114 | 5.3 | MEDIUM Network | jenkins | email_extension | jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, li… | CWE-200 Information Exposure | CVE-2017-2654 | 2024-11-21 12:23 | 2018-08-7 |
| 248115 | 7.8 | HIGH Local | redhat | subscription-manager | It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local a… | NVD-CWE-noinfo | CVE-2017-2663 | 2024-11-21 12:23 | 2018-07-28 |
| 248116 | 8.8 | HIGH Network | jenkins | distributed_fork | It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Ov… | CWE-287 Improper Authentication | CVE-2017-2652 | 2024-11-21 12:23 | 2018-07-28 |
| 248117 | 8.5 | HIGH Network | jenkins | pipeline_classpath_step | It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permiss… | NVD-CWE-noinfo | CVE-2017-2650 | 2024-11-21 12:23 | 2018-07-28 |
| 248118 | 8.1 | HIGH Network | jenkins | active_directory | It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks. | CWE-295 Improper Certificate Validation | CVE-2017-2649 | 2024-11-21 12:23 | 2018-07-28 |
| 248119 | 5.6 | MEDIUM Network | jenkins | ssh_slaves | It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks. | CWE-295 Improper Certificate Validation | CVE-2017-2648 | 2024-11-21 12:23 | 2018-07-28 |
| 248120 | 7.5 | HIGH Network | linux redhat | linux_kernel enterprise_linux_server enterprise_linux_workstation enterprise_linux_desktop enterprise_linux_server_aus | It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP conne… | - | CVE-2017-2634 | 2024-11-21 12:23 | 2018-07-28 |