|
252381
|
8.8 |
HIGH
Network
|
theforeman redhat
|
foreman satellite
|
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned system…
|
CWE-269
Improper Privilege Management
|
CVE-2017-2672
|
2024-11-21 12:23 |
2018-06-21 |
|
252382
|
7.5 |
HIGH
Network
|
dovecot debian
|
dovecot debian_linux
|
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_exp…
|
CWE-20
Improper Input Validation
|
CVE-2017-2669
|
2024-11-21 12:23 |
2018-06-21 |
|
252383
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-2598
|
2024-11-21 12:23 |
2018-05-23 |
|
252384
|
7.8 |
HIGH
Local
|
hawt.io
|
hawtio
|
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-2617
|
2024-11-21 12:23 |
2018-05-23 |
|
252385
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of t…
|
CWE-200
Information Exposure
|
CVE-2017-2609
|
2024-11-21 12:23 |
2018-05-23 |
|
252386
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2607
|
2024-11-21 12:23 |
2018-05-22 |
|
252387
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers coul…
|
CWE-352
Origin Validation Error
|
CVE-2017-2613
|
2024-11-21 12:23 |
2018-05-16 |
|
252388
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2610
|
2024-11-21 12:23 |
2018-05-16 |
|
252389
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
|
CWE-287
Improper Authentication
|
CVE-2017-2604
|
2024-11-21 12:23 |
2018-05-16 |
|
252390
|
3.5 |
LOW
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
|
CWE-200
Information Exposure
|
CVE-2017-2603
|
2024-11-21 12:23 |
2018-05-16 |