|
250091
|
3.7 |
LOW
Adjacent
|
hyundaiusa
|
blue_link
|
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence…
|
NVD-CWE-noinfo
|
CVE-2017-6052
|
2024-11-21 12:28 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250092
|
4.6 |
MEDIUM
Physics
|
oneplus
|
oxygenos
|
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-5625
|
2024-11-21 12:28 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250093
|
7.5 |
HIGH
Network
|
apache
|
cxf
|
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an …
|
CWE-384
Session Fixation
|
CVE-2017-5656
|
2024-11-21 12:28 |
2017-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250094
|
5.3 |
MEDIUM
Network
|
apache
|
cxf
|
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-5653
|
2024-11-21 12:28 |
2017-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250095
|
7.3 |
HIGH
Network
|
apache
|
batik
|
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown dep…
|
CWE-611
XXE
|
CVE-2017-5662
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250096
|
7.3 |
HIGH
Network
|
apache
|
formatting_objects_processor
|
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend …
|
CWE-611
XXE
|
CVE-2017-5661
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250097
|
9.8 |
CRITICAL
Network
|
apache
netapp
redhat
oracle
|
log4j
snapcenter
storage_automation_store
oncommand_workflow_automation
oncommand_insight
service_level_manager
oncommand_api_services
enterprise_linux_desktop
enterprise_linu…
|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5645
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250098
|
7.5 |
HIGH
Network
|
apache
|
traffic_server
|
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
|
CWE-20
Improper Input Validation
|
CVE-2017-5659
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250099
|
9.8 |
CRITICAL
Network
|
apache
|
tomcat
|
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, …
|
NVD-CWE-noinfo
|
CVE-2017-5651
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250100
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting f…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-5650
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
