Total
1004 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000485 | 1 Nylas Mail Lives Project | 1 Nylas Mail | 2019-10-02 | 2.1 LOW | 7.8 HIGH |
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | |||||
CVE-2017-1000461 | 1 Brave | 1 Browser | 2019-10-02 | 4.3 MEDIUM | 4.7 MEDIUM |
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). | |||||
CVE-2017-1000403 | 1 Jenkins | 1 Speaks\! | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | |||||
CVE-2017-1000221 | 1 Apereo | 1 Opencast | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. | |||||
CVE-2017-1000153 | 1 Mahara | 1 Mahara | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account. | |||||
CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2019-10-02 | 6.5 MEDIUM | 8.1 HIGH |
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | |||||
CVE-2017-1000125 | 1 Codiad | 1 Codiad | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | |||||
CVE-2017-1000095 | 1 Jenkins | 1 Script Security | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object). | |||||
CVE-2017-1000022 | 1 Logicaldoc | 1 Logicaldoc | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | |||||
CVE-2017-0913 | 1 Ubnt | 1 Ucrm | 2019-10-02 | 1.9 LOW | 4.7 MEDIUM |
Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization". | |||||
CVE-2017-0845 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | |||||
CVE-2017-0831 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941. | |||||
CVE-2017-0830 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. | |||||
CVE-2017-0784 | 1 Google | 1 Android | 2019-10-02 | 5.8 MEDIUM | 8.8 HIGH |
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. | |||||
CVE-2017-0752 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. | |||||
CVE-2017-0703 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882. | |||||
CVE-2017-1000096 | 1 Jenkins | 1 Pipeline\ | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | |||||
CVE-2017-0601 | 1 Google | 1 Android | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579. | |||||
CVE-2017-0593 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. | |||||
CVE-2017-0423 | 1 Google | 1 Android | 2019-10-02 | 2.9 LOW | 5.3 MEDIUM |
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. |