|
250101
|
9.1 |
CRITICAL
Network
|
apache
|
tomcat
|
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-5648
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250102
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in…
|
CWE-200
Information Exposure
|
CVE-2017-5647
|
2024-11-21 12:28 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250103
|
7.5 |
HIGH
Network
|
canonical
openstack
|
ubuntu_linux
nova-lxd
|
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restriction…
|
NVD-CWE-noinfo
|
CVE-2017-5936
|
2024-11-21 12:28 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250104
|
4.7 |
MEDIUM
Local
|
xmlsoft
|
libxml2
|
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-5969
|
2024-11-21 12:28 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250105
|
6.7 |
MEDIUM
Local
|
unisys
|
secure_partitioning
|
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-5873
|
2024-11-21 12:28 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250106
|
6.5 |
MEDIUM
Network
|
kony
|
enterprise_mobile_management
|
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
|
CWE-200
Information Exposure
|
CVE-2017-5672
|
2024-11-21 12:28 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250107
|
7.5 |
HIGH
Network
|
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-5988
|
2024-11-21 12:28 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250108
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira
|
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5983
|
2024-11-21 12:28 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250109
|
7.8 |
HIGH
Local
|
schneider-electric
|
interactive_graphical_scada_system
|
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is na…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-6033
|
2024-11-21 12:28 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250110
|
7.5 |
HIGH
Network
|
schneider-electric
|
conext_combox_865-1058_firmware
|
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-6019
|
2024-11-21 12:28 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
