|
255761
|
9.8 |
CRITICAL
Network
|
apache
|
hadoop
|
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
|
NVD-CWE-noinfo
|
CVE-2017-15718
|
2024-11-21 12:15 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255762
|
9.8 |
CRITICAL
Network
|
apache
|
nifi
|
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on …
|
CWE-20
Improper Input Validation
|
CVE-2017-15697
|
2024-11-21 12:15 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255763
|
6.5 |
MEDIUM
Network
|
apache
|
hadoop
|
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce …
|
CWE-200
Information Exposure
|
CVE-2017-15713
|
2024-11-21 12:15 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255764
|
6.1 |
MEDIUM
Network
|
livezilla
|
livezilla
|
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15869
|
2024-11-21 12:15 |
2018-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255765
|
7.5 |
HIGH
Network
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
|
CWE-200
Information Exposure
|
CVE-2017-15850
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255766
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potent…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15848
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255767
|
7.0 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel.
|
CWE-362
Race Condition
|
CVE-2017-15847
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255768
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead…
|
CWE-20
CWE-772
Improper Input Validation
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15845
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255769
|
7.8 |
HIGH
Local
|
google
|
android
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulti…
|
CWE-416
Use After Free
|
CVE-2017-15849
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255770
|
6.1 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is conf…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15941
|
2024-11-21 12:15 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
