|
248871
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymo…
|
CWE-200
Information Exposure
|
CVE-2017-2606
|
2024-11-21 12:23 |
2018-05-9 |
|
248872
|
4.3 |
MEDIUM
Network
|
jenkins redhat
|
jenkins openshift
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permis…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2611
|
2024-11-21 12:23 |
2018-05-9 |
|
248873
|
7.5 |
HIGH
Network
|
hawt
|
hawtio
|
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this…
|
CWE-22
Path Traversal
|
CVE-2017-2594
|
2024-11-21 12:23 |
2018-05-9 |
|
248874
|
5.5 |
MEDIUM
Local
|
openstack canonical
|
oslo.middleware ubuntu_linux
|
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error mess…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-2592
|
2024-11-21 12:23 |
2018-05-9 |
|
248875
|
7.5 |
HIGH
Network
|
fedoraproject redhat
|
389_directory_server enterprise_linux
|
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An aut…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-2591
|
2024-11-21 12:23 |
2018-04-30 |
|
248876
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't ha…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2599
|
2024-11-21 12:23 |
2018-04-12 |
|
248877
|
6.5 |
MEDIUM
Network
|
apple
|
safari iphone_os tvos icloud
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue invol…
|
CWE-200
Information Exposure
|
CVE-2017-2493
|
2024-11-21 12:23 |
2018-04-3 |
|
248878
|
6.1 |
MEDIUM
Network
|
apple
|
safari iphone_os tvos
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It all…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2492
|
2024-11-21 12:23 |
2018-04-3 |
|
248879
|
8.1 |
HIGH
Network
|
theforeman redhat
|
hammer_cli satellite satellite_capsule
|
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not ch…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-2667
|
2024-11-21 12:23 |
2018-03-13 |
|
248880
|
6.1 |
MEDIUM
Network
|
clusterlabs
|
pcs
|
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2661
|
2024-11-21 12:23 |
2018-03-13 |