|
258181
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURI…
|
CWE-200
Information Exposure
|
CVE-2017-2600
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258182
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inj…
|
-
|
CVE-2017-2601
|
2024-11-21 12:23 |
2018-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258183
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymo…
|
CWE-200
Information Exposure
|
CVE-2017-2606
|
2024-11-21 12:23 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258184
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permis…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2611
|
2024-11-21 12:23 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258185
|
7.5 |
HIGH
Network
|
hawt
|
hawtio
|
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this…
|
CWE-22
Path Traversal
|
CVE-2017-2594
|
2024-11-21 12:23 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258186
|
5.5 |
MEDIUM
Local
|
openstack
canonical
|
oslo.middleware
ubuntu_linux
|
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error mess…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-2592
|
2024-11-21 12:23 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258187
|
7.5 |
HIGH
Network
|
fedoraproject
redhat
|
389_directory_server
enterprise_linux
|
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An aut…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-2591
|
2024-11-21 12:23 |
2018-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258188
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't ha…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2599
|
2024-11-21 12:23 |
2018-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258189
|
6.5 |
MEDIUM
Network
|
apple
|
safari
iphone_os
tvos
icloud
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue invol…
|
CWE-200
Information Exposure
|
CVE-2017-2493
|
2024-11-21 12:23 |
2018-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258190
|
6.1 |
MEDIUM
Network
|
apple
|
safari
iphone_os
tvos
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It all…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2492
|
2024-11-21 12:23 |
2018-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
