|
257721
|
6.5 |
MEDIUM
Network
|
haxx
|
curl
|
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numeri…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000101
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257722
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the b…
|
CWE-200
Information Exposure
|
CVE-2017-1000100
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257723
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st…
|
CWE-200
Information Exposure
|
CVE-2017-1000099
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257724
|
7.5 |
HIGH
Network
|
golang
|
go
|
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generat…
|
CWE-769
DEPRECATED: Uncontrolled File Descriptor Consumption
|
CVE-2017-1000098
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257725
|
7.5 |
HIGH
Network
|
golang
|
go
|
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verif…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000097
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257726
|
8.8 |
HIGH
Network
|
jenkins
|
pipeline\
|
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000096
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257727
|
6.5 |
MEDIUM
Network
|
jenkins
|
docker_commons
|
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did…
|
CWE-200
Information Exposure
|
CVE-2017-1000094
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257728
|
6.5 |
MEDIUM
Network
|
jenkins
|
script_security
|
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the ac…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000095
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257729
|
8.8 |
HIGH
Network
|
jenkins
|
poll_scm
|
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a kno…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000093
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257730
|
7.5 |
HIGH
Network
|
jenkins
|
git
|
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a d…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000092
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
