|
252131
|
6.5 |
MEDIUM
Network
|
redhat
|
libvirt
|
A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon resulting in denial o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-2635
|
2024-11-21 12:23 |
2018-08-23 |
|
252132
|
6.5 |
MEDIUM
Network
|
libbpg_project
|
libbpg
|
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeare…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-2575
|
2024-11-21 12:23 |
2018-08-23 |
|
252133
|
8.2 |
HIGH
Local
|
redhat openstack
|
openstack tripleo-common
|
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. …
|
CWE-22
Path Traversal
|
CVE-2017-2627
|
2024-11-21 12:23 |
2018-08-23 |
|
252134
|
4.3 |
MEDIUM
Network
|
theforeman
|
katello
|
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respe…
|
-
|
CVE-2017-2662
|
2024-11-21 12:23 |
2018-08-23 |
|
252135
|
5.3 |
MEDIUM
Network
|
jenkins
|
email_extension
|
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugin is able to send emails to a dynamically created list of users based on the changelogs, li…
|
CWE-200
Information Exposure
|
CVE-2017-2654
|
2024-11-21 12:23 |
2018-08-7 |
|
252136
|
7.8 |
HIGH
Local
|
redhat
|
subscription-manager
|
It was found that subscription-manager's DBus interface before 1.19.4 let an unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local a…
|
NVD-CWE-noinfo
|
CVE-2017-2663
|
2024-11-21 12:23 |
2018-07-28 |
|
252137
|
8.8 |
HIGH
Network
|
jenkins
|
distributed_fork
|
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Ov…
|
CWE-287
Improper Authentication
|
CVE-2017-2652
|
2024-11-21 12:23 |
2018-07-28 |
|
252138
|
8.5 |
HIGH
Network
|
jenkins
|
pipeline_classpath_step
|
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permiss…
|
NVD-CWE-noinfo
|
CVE-2017-2650
|
2024-11-21 12:23 |
2018-07-28 |
|
252139
|
8.1 |
HIGH
Network
|
jenkins
|
active_directory
|
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-2649
|
2024-11-21 12:23 |
2018-07-28 |
|
252140
|
5.6 |
MEDIUM
Network
|
jenkins
|
ssh_slaves
|
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-2648
|
2024-11-21 12:23 |
2018-07-28 |
|