|
247901
|
6.5 |
MEDIUM
Network
|
apache
|
ambari
|
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the ho…
|
CWE-200
Information Exposure
|
CVE-2017-5655
|
2024-11-21 12:28 |
2017-05-15 |
|
247902
|
7.5 |
HIGH
Network
|
apache
|
ambari
|
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
|
CWE-91
Blind XPath Injection
|
CVE-2017-5654
|
2024-11-21 12:28 |
2017-05-13 |
|
247903
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check tha…
|
CWE-20
Improper Input Validation
|
CVE-2017-5948
|
2024-11-21 12:28 |
2017-05-12 |
|
247904
|
7.5 |
HIGH
Network
|
asus
|
rt-ac1750_firmware
|
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.
|
CWE-200
Information Exposure
|
CVE-2017-5892
|
2024-11-21 12:28 |
2017-05-10 |
|
247905
|
8.8 |
HIGH
Network
|
asus
|
rt-ac1750_firmware
|
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2017-5891
|
2024-11-21 12:28 |
2017-05-10 |
|
247906
|
7.0 |
HIGH
Local
|
blftech
|
visualview_hmi
|
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may a…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-6051
|
2024-11-21 12:28 |
2017-05-9 |
|
247907
|
8.8 |
HIGH
Network
|
certec_edv_gmbh
|
atvise_scada
|
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may al…
|
CWE-74
Injection
|
CVE-2017-6031
|
2024-11-21 12:28 |
2017-05-6 |
|
247908
|
5.4 |
MEDIUM
Network
|
certec_edv_gmbh
|
atvise_scada
|
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6029
|
2024-11-21 12:28 |
2017-05-6 |
|
247909
|
5.9 |
MEDIUM
Network
|
rockwellautomation
|
compactlogix_5380_firmware controllogix_5580_firmware
|
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-6024
|
2024-11-21 12:28 |
2017-05-6 |
|
247910
|
5.9 |
MEDIUM
Network
|
21st_century_insurance
|
21st_century_insurance
|
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-5919
|
2024-11-21 12:28 |
2017-05-5 |
|