|
265871
|
6.5 |
MEDIUM
Network
|
jenkins
|
subversion
|
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000085
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265872
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related…
|
CWE-20
CWE-617
Improper Input Validation
Reachable Assertion
|
CVE-2017-1000252
|
2024-11-21 12:04 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265873
|
7.5 |
HIGH
Network
|
redhat
|
pagure
|
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
|
CWE-862
Missing Authorization
|
CVE-2017-1002151
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265874
|
6.1 |
MEDIUM
Network
|
fedoraproject
|
python-fedora
|
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
|
CWE-601
Open Redirect
|
CVE-2017-1002150
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265875
|
6.5 |
MEDIUM
Network
|
kubernetes
|
kubernetes
|
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed witho…
|
CWE-200
Information Exposure
|
CVE-2017-1002100
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265876
|
9.8 |
CRITICAL
Network
|
angrybyte
|
gallery-transformation
|
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed i…
|
CWE-89
SQL Injection
|
CVE-2017-1002028
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265877
|
9.8 |
CRITICAL
Network
|
rayanehdownload
|
rk-responsive-contact-form
|
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.…
|
CWE-89
SQL Injection
|
CVE-2017-1002027
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265878
|
8.8 |
HIGH
Network
|
eventespresso
|
event_espresso
|
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statemen…
|
CWE-89
SQL Injection
|
CVE-2017-1002026
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265879
|
7.2 |
HIGH
Network
|
add-edit-delete-listing-for-member-module_project
|
add-edit-delete-listing-for-member-module
|
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
|
CWE-89
SQL Injection
|
CVE-2017-1002025
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265880
|
4.3 |
MEDIUM
Network
|
kindsoft
|
kind_editor
kindeditor
|
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
|
CWE-287
Improper Authentication
|
CVE-2017-1002024
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
