|
252471
|
6.2 |
MEDIUM
Local
|
apache netapp oracle
|
struts oncommand_balance weblogic_server jd_edwards_enterpriseone_tools retail_xstore_point_of_service financial_services_market_risk_measurement_and_management webcenter_portal …
|
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library that is vulnerable and allows a DoS attack via a malicious request with a specially crafted JSON payload.
|
CWE-20
Improper Input Validation
|
CVE-2017-15707
|
2024-11-21 12:15 |
2017-12-2 |
|
|
|
|
252472
|
9.8 |
CRITICAL
Network
|
apache
|
qpid_broker-j
|
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a rem…
|
NVD-CWE-noinfo
|
CVE-2017-15702
|
2024-11-21 12:15 |
2017-12-2 |
|
|
|
|
252473
|
7.5 |
HIGH
Network
|
apache
|
qpid_broker-j
|
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-15701
|
2024-11-21 12:15 |
2017-12-2 |
|
|
|
|
252474
|
8.8 |
HIGH
Network
|
otrs debian
|
otrs debian_linux
|
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
|
NVD-CWE-noinfo
|
CVE-2017-15864
|
2024-11-21 12:15 |
2017-11-17 |
|
|
|
|
252475
|
7.5 |
HIGH
Network
|
konversation debian
|
konversation debian_linux
|
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
|
NVD-CWE-noinfo
|
CVE-2017-15923
|
2024-11-21 12:15 |
2017-11-16 |
|
|
|
|
252476
|
8.1 |
HIGH
Network
|
zetacomponents
|
mail
|
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow rem…
|
CWE-94
Code Injection
|
CVE-2017-15806
|
2024-11-21 12:15 |
2017-11-16 |
|
|
|
|
252477
|
7.5 |
HIGH
Network
|
frrouting
|
frrouting
|
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE…
|
CWE-200
Information Exposure
|
CVE-2017-15865
|
2024-11-21 12:15 |
2017-11-9 |
|
|
|
|
252478
|
9.8 |
CRITICAL
Network
|
synology
|
carddav_server
|
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-f…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2017-15887
|
2024-11-21 12:15 |
2017-11-8 |
|
|
|
|
252479
|
7.8 |
HIGH
Local
|
hashicorp
|
vagrant
|
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
|
CWE-362
Race Condition
|
CVE-2017-16001
|
2024-11-21 12:15 |
2017-11-7 |
|
|
|
|
252480
|
7.8 |
HIGH
Local
|
ignitum
|
sera
|
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-15918
|
2024-11-21 12:15 |
2017-11-2 |
|
|
|