CVE-2017-15104
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
Source: CVE-2017-15104
[월:] 2017년 12월
CVE-2017-15103
CVE-2017-15103
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
Source: CVE-2017-15103
CVE-2017-17721
CVE-2017-17721
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
Source: CVE-2017-17721
CVE-2017-14583
CVE-2017-14583
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
Source: CVE-2017-14583
CVE-2017-12630
CVE-2017-12630
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
Source: CVE-2017-12630
CVE-2017-17651
CVE-2017-17651
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
Source: CVE-2017-17651
CVE-2017-17649
CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
Source: CVE-2017-17649
CVE-2017-17645
CVE-2017-17645
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
Source: CVE-2017-17645
CVE-2017-17643
CVE-2017-17643
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
Source: CVE-2017-17643
CVE-2017-17741
CVE-2017-17741
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to cause a denial of service (write_mmio stack-based out-of-bounds read) or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
Source: CVE-2017-17741