|
255571
|
5.9 |
MEDIUM
Network
|
apache
debian
|
tomcat_native
debian_linux
|
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-15698
|
2024-11-21 12:15 |
2018-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255572
|
5.0 |
MEDIUM
Local
|
apache
|
nifi
|
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. Th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-15703
|
2024-11-21 12:15 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255573
|
9.8 |
CRITICAL
Network
|
apache
|
hadoop
|
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
|
NVD-CWE-noinfo
|
CVE-2017-15718
|
2024-11-21 12:15 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255574
|
9.8 |
CRITICAL
Network
|
apache
|
nifi
|
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on …
|
CWE-20
Improper Input Validation
|
CVE-2017-15697
|
2024-11-21 12:15 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255575
|
6.5 |
MEDIUM
Network
|
apache
|
hadoop
|
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce …
|
CWE-200
Information Exposure
|
CVE-2017-15713
|
2024-11-21 12:15 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255576
|
6.1 |
MEDIUM
Network
|
livezilla
|
livezilla
|
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15869
|
2024-11-21 12:15 |
2018-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255577
|
7.5 |
HIGH
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
|
CWE-200
Information Exposure
|
CVE-2017-15850
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255578
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potent…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15848
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255579
|
7.0 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel.
|
CWE-362
Race Condition
|
CVE-2017-15847
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255580
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead…
|
CWE-20
CWE-772
Improper Input Validation
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15845
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
