|
246871
|
8.8 |
HIGH
Network
|
opensuse
|
leap
|
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrad…
|
NVD-CWE-noinfo
|
CVE-2017-9286
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246872
|
7.8 |
HIGH
Local
|
opensuse
|
obs-service-source_validator
|
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
|
CWE-78
OS Command
|
CVE-2017-9274
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246873
|
3.3 |
LOW
Local
|
opensuse
fedoraproject
|
zypper
fedora
|
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-9271
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246874
|
9.1 |
CRITICAL
Network
|
opensuse
|
cryptctl
|
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.
|
CWE-20
Improper Input Validation
|
CVE-2017-9270
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246875
|
9.8 |
CRITICAL
Network
|
opensuse
|
libzypp
|
In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential mali…
|
CWE-20
Improper Input Validation
|
CVE-2017-9269
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246876
|
6.5 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did n…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-9268
|
2024-11-21 12:35 |
2018-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246877
|
5.4 |
MEDIUM
Network
|
microfocus
|
project_and_portfolio_management
|
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8993
|
2024-11-21 12:35 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246878
|
5.3 |
MEDIUM
Local
|
hp
|
xp_storage_hitachi_global_link_manager
|
HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.
|
CWE-200
Information Exposure
|
CVE-2017-8985
|
2024-11-21 12:35 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246879
|
8.8 |
HIGH
Network
|
hp
|
intelligent_management_center
|
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.
|
NVD-CWE-noinfo
|
CVE-2017-8984
|
2024-11-21 12:35 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246880
|
8.8 |
HIGH
Network
|
hp
|
intelligent_management_center
|
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
|
CWE-20
Improper Input Validation
|
CVE-2017-8983
|
2024-11-21 12:35 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
