|
199371
|
6.1 |
MEDIUM
Network
|
mautic
|
mautic
|
Mautic version 2.11.0 and earlier contains a Cross-Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000506
|
2024-11-21 12:04 |
2018-02-10 |
|
|
|
|
199372
|
7.0 |
HIGH
Local
|
gnu
|
glibc
|
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to th…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000409
|
2024-11-21 12:04 |
2018-02-1 |
|
|
|
|
199373
|
7.8 |
HIGH
Local
|
gnu
|
glibc
|
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-1000408
|
2024-11-21 12:04 |
2018-02-1 |
|
|
|
|
199374
|
7.5 |
HIGH
Network
|
opendaylight
|
opendaylight openflow
|
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE w…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-1000411
|
2024-11-21 12:04 |
2018-01-31 |
|
|
|
|
199375
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address,…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-1000141
|
2024-11-21 12:04 |
2018-01-31 |
|
|
|
|
199376
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an …
|
CWE-352
Origin Validation Error
|
CVE-2017-1000356
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
199377
|
6.5 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000355
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
199378
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based…
|
CWE-287
Improper Authentication
|
CVE-2017-1000354
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
199379
|
9.8 |
CRITICAL
Network
|
jenkins oracle
|
jenkins communications_cloud_native_core_automated_test_suite
|
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attacker…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000353
|
2024-11-21 12:04 |
2018-01-30 |
|
|
|
|
199380
|
6.1 |
MEDIUM
Network
|
jenkins
|
delivery_pipeline
|
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability thro…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000404
|
2024-11-21 12:04 |
2018-01-26 |
|
|
|