| 251741 | 5.9 | MEDIUM Network | redhat | gluster_storage | It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | - | CVE-2017-15085 | 2024-11-21 12:14 | 2017-11-9 |
| 251742 | 5.5 | MEDIUM Local | linux | linux_kernel | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) … | CWE-476 NULL Pointer Dereference | CVE-2017-15306 | 2024-11-21 12:14 | 2017-11-7 |
| 251743 | 8.8 | HIGH Network | ffmpeg debian | ffmpeg debian_linux | The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bound… | CWE-125 Out-of-bounds Read | CVE-2017-15672 | 2024-11-21 12:14 | 2017-11-7 |
| 251744 | 7.8 | HIGH Local | schedmd | slurm | Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog… | CWE-426 Untrusted Search Path | CVE-2017-15566 | 2024-11-21 12:14 | 2017-11-2 |
| 251745 | 9.1 | CRITICAL Network | mongodb | mongodb | MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enab… | NVD-CWE-noinfo | CVE-2017-15535 | 2024-11-21 12:14 | 2017-11-1 |
| 251746 | 5.4 | MEDIUM Network | mahara | mahara | Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as ti… | CWE-79 Cross-site Scripting | CVE-2017-15273 | 2024-11-21 12:14 | 2017-11-1 |
| 251747 | 9.1 | CRITICAL Network | xen | xen | An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not mat… | CWE-119 CWE-200 Incorrect Access of Indexable Resource ('Range Error') Information Exposure | CVE-2017-15597 | 2024-11-21 12:14 | 2017-10-30 |
| 251748 | 7.5 | HIGH Network | writediary | diary_with_lock | In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obta… | CWE-798 Use of Hard-coded Credentials | CVE-2017-15582 | 2024-11-21 12:14 | 2017-10-28 |
| 251749 | 7.5 | HIGH Network | writediary | diary_with_lock | In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a… | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-15581 | 2024-11-21 12:14 | 2017-10-28 |
| 251750 | 9.8 | CRITICAL Network | ndocsoftware | ndoc | Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2017-15366 | 2024-11-21 12:14 | 2017-10-27 |