|
264231
|
7.8 |
HIGH
Local
|
gnu
|
glibc
|
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-1000408
|
2024-11-21 12:04 |
2018-02-1 |
|
|
|
|
264232
|
7.5 |
HIGH
Network
|
opendaylight
|
opendaylight openflow
|
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE w…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-1000411
|
2024-11-21 12:04 |
2018-01-31 |
|
|
|
|
264233
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address,…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-1000141
|
2024-11-21 12:04 |
2018-01-31 |
|
|
|
|
264234
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an …
|
CWE-352
Origin Validation Error
|
CVE-2017-1000356
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
264235
|
6.5 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000355
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
264236
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based…
|
CWE-287
Improper Authentication
|
CVE-2017-1000354
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
264237
|
9.8 |
CRITICAL
Network
|
jenkins oracle
|
jenkins communications_cloud_native_core_automated_test_suite
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attacker…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000353
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
264238
|
6.1 |
MEDIUM
Network
|
jenkins
|
delivery_pipeline
|
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability thro…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000404
|
2024-11-21 12:04 |
2018-01-26 |
|
|
|
|
264239
|
8.8 |
HIGH
Network
|
jenkins
|
speaks!
|
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000403
|
2024-11-21 12:04 |
2018-01-26 |
|
|
|
|
264240
|
5.9 |
MEDIUM
Network
|
jenkins
|
swarm
|
Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible …
|
CWE-20
Improper Input Validation
|
CVE-2017-1000402
|
2024-11-21 12:04 |
2018-01-26 |
|
|
|