|
247281
|
7.5 |
HIGH
Network
|
atlassian
|
crucible
fisheye
|
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucib…
|
CWE-22
Path Traversal
|
CVE-2017-9511
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247282
|
7.5 |
HIGH
Network
|
atlassian
|
crucible
fisheye
|
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committe…
|
CWE-200
Information Exposure
|
CVE-2017-9512
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247283
|
5.4 |
MEDIUM
Network
|
atlassian
|
fisheye
|
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the s…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9510
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247284
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the ch…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9509
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247285
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name …
|
CWE-79
Cross-site Scripting
|
CVE-2017-9508
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247286
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9507
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247287
|
6.1 |
MEDIUM
Network
|
atlassian
|
oauth
|
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-9506
|
2024-11-21 12:36 |
2017-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247288
|
8.1 |
HIGH
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2017-9685
|
2024-11-21 12:36 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247289
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2017-9684
|
2024-11-21 12:36 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247290
|
4.7 |
MEDIUM
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
|
CWE-200
CWE-362
Information Exposure
Race Condition
|
CVE-2017-9682
|
2024-11-21 12:36 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
