|
257841
|
8.1 |
HIGH
Network
|
apache
|
zeppelin
|
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
|
CWE-384
Session Fixation
|
CVE-2017-12619
|
2024-11-21 12:09 |
2019-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257842
|
7.8 |
HIGH
Local
|
gnome
|
gdk-pixbuf
nautilus
|
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impa…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12447
|
2024-11-21 12:09 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257843
|
9.8 |
CRITICAL
Network
|
planex
|
cs-qr20_firmware
smacam_night_vision
|
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemC…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-12577
|
2024-11-21 12:09 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257844
|
7.2 |
HIGH
Network
|
planex
|
cs-qr20_firmware
|
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-12576
|
2024-11-21 12:09 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257845
|
7.5 |
HIGH
Network
|
aterm
|
wg2600hp2_firmware
|
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker co…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-12575
|
2024-11-21 12:09 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257846
|
9.8 |
CRITICAL
Network
|
planex
|
cs-w50hd_firmware
|
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-12574
|
2024-11-21 12:09 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257847
|
8.8 |
HIGH
Network
|
planex
|
cs-w50hd_firmware
|
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". A…
|
NVD-CWE-noinfo
|
CVE-2017-12573
|
2024-11-21 12:09 |
2018-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257848
|
6.1 |
MEDIUM
Network
|
apache
|
airflow
|
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other br…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12614
|
2024-11-21 12:09 |
2018-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257849
|
4.8 |
MEDIUM
Network
|
redhat
|
openshift_container_platform
|
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later ac…
|
-
|
CVE-2017-12195
|
2024-11-21 12:09 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257850
|
6.8 |
MEDIUM
Network
|
apache
|
kafka
|
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication w…
|
CWE-287
Improper Authentication
|
CVE-2017-12610
|
2024-11-21 12:09 |
2018-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
