|
249741
|
6.1 |
MEDIUM
Network
|
cybozu
|
kunai
|
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2172
|
2024-11-21 12:23 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249742
|
8.2 |
HIGH
Network
|
puppet
debian
|
puppet
debian_linux
|
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization i…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-2295
|
2024-11-21 12:23 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249743
|
7.5 |
HIGH
Network
|
puppet
|
puppet_enterprise
|
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in Pu…
|
CWE-200
Information Exposure
|
CVE-2017-2294
|
2024-11-21 12:23 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249744
|
6.5 |
MEDIUM
Network
|
puppet
|
mcollective-sshkey-security
|
The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an …
|
CWE-20
Improper Input Validation
|
CVE-2017-2298
|
2024-11-21 12:23 |
2017-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249745
|
9.0 |
CRITICAL
Network
|
puppet
|
mcollective
|
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.sa…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-2292
|
2024-11-21 12:23 |
2017-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249746
|
8.8 |
HIGH
Network
|
apple
|
iphone_os
|
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
|
CWE-416
Use After Free
|
CVE-2017-2491
|
2024-11-21 12:23 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249747
|
7.8 |
HIGH
Local
|
baidu
|
simeji
|
Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-2219
|
2024-11-21 12:23 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249748
|
8.4 |
HIGH
Local
|
jiransoft
|
appcheck
appcheck_pro
|
Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified direc…
|
CWE-426
Untrusted Search Path
|
CVE-2017-2214
|
2024-11-21 12:23 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249749
|
7.8 |
HIGH
Local
|
gsi
|
semidynaexe
|
Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-2213
|
2024-11-21 12:23 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249750
|
7.8 |
HIGH
Local
|
gsi
|
tky2jgd
|
Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-2212
|
2024-11-21 12:23 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
