|
248141
|
6.5 |
MEDIUM
Network
|
apple
|
safari iphone_os tvos icloud
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue invol…
|
CWE-200
Information Exposure
|
CVE-2017-2493
|
2024-11-21 12:23 |
2018-04-3 |
|
248142
|
6.1 |
MEDIUM
Network
|
apple
|
safari iphone_os tvos
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It all…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2492
|
2024-11-21 12:23 |
2018-04-3 |
|
248143
|
8.1 |
HIGH
Network
|
theforeman redhat
|
hammer_cli satellite satellite_capsule
|
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not ch…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-2667
|
2024-11-21 12:23 |
2018-03-13 |
|
248144
|
6.1 |
MEDIUM
Network
|
clusterlabs
|
pcs
|
ClusterLabs pcs before version 0.9.157 is vulnerable to cross-site scripting due to improper validation of the Node name field when creating a new cluster or adding an existing cluster.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2661
|
2024-11-21 12:23 |
2018-03-13 |
|
248145
|
9.8 |
CRITICAL
Network
|
haxx
|
curl
|
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanw…
|
-
|
CVE-2017-2628
|
2024-11-21 12:23 |
2018-03-13 |
|
248146
|
7.5 |
HIGH
Network
|
samba redhat debian
|
samba enterprise_linux debian_linux
|
Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
|
CWE-362 CWE-59
Race Condition Link Following
|
CVE-2017-2619
|
2024-11-21 12:23 |
2018-03-13 |
|
248147
|
5.9 |
MEDIUM
Network
|
redhat
|
keycloak single_sign_on
|
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to ti…
|
CWE-200
Information Exposure
|
CVE-2017-2585
|
2024-11-21 12:23 |
2018-03-13 |
|
248148
|
7.5 |
HIGH
Network
|
puppet
|
puppet_enterprise
|
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and…
|
CWE-287
Improper Authentication
|
CVE-2017-2297
|
2024-11-21 12:23 |
2018-02-2 |
|
248149
|
6.5 |
MEDIUM
Network
|
puppet
|
puppet_enterprise
|
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively c…
|
CWE-20
Improper Input Validation
|
CVE-2017-2296
|
2024-11-21 12:23 |
2018-02-2 |
|
248150
|
4.9 |
MEDIUM
Network
|
puppet
|
puppet_enterprise
|
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. Th…
|
NVD-CWE-noinfo
|
CVE-2017-2293
|
2024-11-21 12:23 |
2018-02-2 |