|
250291
|
7.5 |
HIGH
Network
|
canonical openstack
|
ubuntu_linux nova-lxd
|
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restriction…
|
NVD-CWE-noinfo
|
CVE-2017-5936
|
2024-11-21 12:28 |
2017-04-13 |
|
250292
|
4.7 |
MEDIUM
Local
|
xmlsoft
|
libxml2
|
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-5969
|
2024-11-21 12:28 |
2017-04-12 |
|
250293
|
6.7 |
MEDIUM
Local
|
unisys
|
secure_partitioning
|
Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-5873
|
2024-11-21 12:28 |
2017-04-12 |
|
250294
|
6.5 |
MEDIUM
Network
|
kony
|
enterprise_mobile_management
|
Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request.
|
CWE-200
Information Exposure
|
CVE-2017-5672
|
2024-11-21 12:28 |
2017-04-12 |
|
250295
|
7.5 |
HIGH
Network
|
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-5988
|
2024-11-21 12:28 |
2017-04-11 |
|
250296
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira
|
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-5983
|
2024-11-21 12:28 |
2017-04-11 |
|
250297
|
7.8 |
HIGH
Local
|
schneider-electric
|
interactive_graphical_scada_system
|
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is na…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-6033
|
2024-11-21 12:28 |
2017-04-08 |
|
250298
|
7.5 |
HIGH
Network
|
schneider-electric
|
conext_combox_865-1058_firmware
|
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-6019
|
2024-11-21 12:28 |
2017-04-08 |
|
250299
|
7.5 |
HIGH
Network
|
starscream_project
|
starscream
|
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
|
CWE-295
Improper Certificate Validation
|
CVE-2017-5887
|
2024-11-21 12:28 |
2017-04-06 |
|
250300
|
7.5 |
HIGH
Network
|
apache
|
geode
|
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the…
|
CWE-200
Information Exposure
|
CVE-2017-5649
|
2024-11-21 12:28 |
2017-04-05 |