|
264801
|
9.8 |
CRITICAL
Network
|
oracle
|
glassfish_server
|
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain te…
|
CWE-287
Improper Authentication
|
CVE-2017-1000030
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264802
|
7.5 |
HIGH
Network
|
oracle
|
glassfish_server
|
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability …
|
CWE-200
Information Exposure
|
CVE-2017-1000029
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264803
|
7.5 |
HIGH
Network
|
oracle
|
glassfish_server
|
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP G…
|
CWE-22
Path Traversal
|
CVE-2017-1000028
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264804
|
6.1 |
MEDIUM
Network
|
koozali
|
sme_server
|
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.
|
CWE-601
Open Redirect
|
CVE-2017-1000027
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264805
|
7.5 |
HIGH
Network
|
c-ares_project
c-ares
nodejs
|
c-ares
node.js
|
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was…
|
CWE-200
Information Exposure
|
CVE-2017-1000381
|
2024-11-21 12:04 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264806
|
9.8 |
CRITICAL
Network
|
systemd_project
|
systemd
|
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
|
CWE-269
Improper Privilege Management
|
CVE-2017-1000082
|
2024-11-21 12:04 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264807
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Lin…
|
NVD-CWE-noinfo
|
CVE-2017-1000379
|
2024-11-21 12:04 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264808
|
9.8 |
CRITICAL
Network
|
netbsd
|
netbsd
|
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allow…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-1000378
|
2024-11-21 12:04 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264809
|
5.9 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not suff…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000377
|
2024-11-21 12:04 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264810
|
9.8 |
CRITICAL
Network
|
netbsd
|
netbsd
|
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000375
|
2024-11-21 12:04 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
