| 249831 | 4.7 | MEDIUM | Local | xmlsoft | libxml2 | libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of… | CWE-476: NULL Pointer Dereference | CVE-2017-5969 | 2024-11-21 12:28 | 2017-04-12 |
| 249832 | 6.7 | MEDIUM | Local | unisys | secure_partitioning | Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, … | CWE-428: Unquoted Search Path or Element | CVE-2017-5873 | 2024-11-21 12:28 | 2017-04-12 |
| 249833 | 6.5 | MEDIUM | Network | kony | enterprise_mobile_management | Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. | CWE-200: Information Exposure | CVE-2017-5672 | 2024-11-21 12:28 | 2017-04-12 |
| 249834 | 7.5 | HIGH | Network | netapp | clustered_data_ontap | NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | NVD-CWE-noinfo | CVE-2017-5988 | 2024-11-21 12:28 | 2017-04-11 |
| 249835 | 9.8 | CRITICAL | Network | atlassian | jira | The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, … | CWE-502: Deserialization of Untrusted Data | CVE-2017-5983 | 2024-11-21 12:28 | 2017-04-11 |
| 249836 | 7.8 | HIGH | Local | schneider-electric | interactive_graphical_scada_system | A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is na… | CWE-427: Uncontrolled Search Path Element | CVE-2017-6033 | 2024-11-21 12:28 | 2017-04-08 |
| 249837 | 7.5 | HIGH | Network | schneider-electric | conext_combox_865-1058_firmware | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | CWE-400: Uncontrolled Resource Consumption | CVE-2017-6019 | 2024-11-21 12:28 | 2017-04-08 |
| 249838 | 7.5 | HIGH | Network | starscream_project | starscream | WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | CWE-295: Improper Certificate Validation | CVE-2017-5887 | 2024-11-21 12:28 | 2017-04-06 |
| 249839 | 7.5 | HIGH | Network | apache | geode | Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the… | CWE-200: Information Exposure | CVE-2017-5649 | 2024-11-21 12:28 | 2017-04-05 |
| 249840 | 4.6 | MEDIUM | Physical | riverbed | rios | Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw di… | CWE-200: Information Exposure | CVE-2017-5670 | 2024-11-21 12:28 | 2017-04-05 |