| 252831 | 9.1 | CRITICAL | Network | kemptechnologies | web_application_firewall | The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | NVD-CWE-noinfo | CVE-2017-15524 | 2024-11-21 12:14 | 2017-12-19 |
| 252832 | 7.8 | HIGH | Local | heketi_project redhat | heketi enterprise_linux | An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi… | - | CVE-2017-15104 | 2024-11-21 12:14 | 2017-12-19 |
| 252833 | 8.8 | HIGH | Network | heketi_project redhat | heketi enterprise_linux | A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote … | - | CVE-2017-15103 | 2024-11-21 12:14 | 2017-12-19 |
| 252834 | 3.3 | LOW | Local | symantec | norton_family | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first… | CWE-200 Information Exposure | CVE-2017-15530 | 2024-11-21 12:14 | 2017-12-14 |
| 252835 | 6.2 | MEDIUM | Local | symantec | norton_family | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-15529 | 2024-11-21 12:14 | 2017-12-14 |
| 252836 | 5.5 | MEDIUM | Local | redhat | enterprise_linux_desktop enterprise_linux_workstation enterprise_linux enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_eus enterprise_linux_server_aus | A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | - | CVE-2017-15121 | 2024-11-21 12:14 | 2017-12-7 |
| 252837 | 7.4 | HIGH | Local | arqbackup | arq | The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | CWE-362 Race Condition; CWE-59 Link Following | CVE-2017-15357 | 2024-11-21 12:14 | 2017-12-2 |
| 252838 | 9.8 | CRITICAL | Network | inedo | otter | Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | CWE-22 Path Traversal | CVE-2017-15607 | 2024-11-21 12:14 | 2017-12-1 |
| 252839 | 5.5 | MEDIUM | Local | linux redhat | linux_kernel enterprise_linux | The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | CWE-476 NULL Pointer Dereference | CVE-2017-15116 | 2024-11-21 12:14 | 2017-12-1 |
| 252840 | 7.2 | HIGH | Network | cs-cart | cs-cart | The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-15673 | 2024-11-21 12:14 | 2017-11-29 |