|
248331
|
7.5 |
HIGH
Network
|
digital_canal_structural
|
wind_analysis
|
A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7910
|
2024-11-21 12:32 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248332
|
5.9 |
MEDIUM
Network
|
apache
|
ranger
|
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
|
CWE-862
Missing Authorization
|
CVE-2017-7677
|
2024-11-21 12:32 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248333
|
9.8 |
CRITICAL
Network
|
apache
|
ranger
|
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
|
CWE-20
Improper Input Validation
|
CVE-2017-7676
|
2024-11-21 12:32 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248334
|
7.5 |
HIGH
Network
|
apache
|
nifi
|
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
|
CWE-346
Origin Validation Error
|
CVE-2017-7667
|
2024-11-21 12:32 |
2017-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248335
|
6.1 |
MEDIUM
Network
|
apache
|
nifi
|
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7665
|
2024-11-21 12:32 |
2017-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248336
|
7.5 |
HIGH
Network
|
arm
|
arm_trusted_firmware
|
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug except…
|
CWE-20
Improper Input Validation
|
CVE-2017-7564
|
2024-11-21 12:32 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248337
|
8.1 |
HIGH
Network
|
arm
|
arm_trusted_firmware
|
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency i…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7563
|
2024-11-21 12:32 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248338
|
5.5 |
MEDIUM
Local
|
freedesktop
|
poppler
|
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
|
CWE-674
Uncontrolled Recursion
|
CVE-2017-7515
|
2024-11-21 12:32 |
2017-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248339
|
7.5 |
HIGH
Network
|
apache
|
hadoop
|
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated u…
|
CWE-20
Improper Input Validation
|
CVE-2017-7669
|
2024-11-21 12:32 |
2017-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248340
|
5.5 |
MEDIUM
Local
|
freedesktop
|
poppler
|
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7511
|
2024-11-21 12:32 |
2017-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
