| 256941 | 3.3 | LOW | Local | jenkins | git_client | Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure | CWE-200 Information Exposure | CVE-2017-1000242 | 2024-11-21 12:04 | 2017-11-1 |
| 256942 | 9.1 | CRITICAL | Network | haxx, debian | libcurl, debian_linux | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000257 | 2024-11-21 12:04 | 2017-11-1 |
| 256943 | 5.5 | MEDIUM | Local | gnu | emacs | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible… | CWE-200 Information Exposure | CVE-2017-1000383 | 2024-11-21 12:04 | 2017-11-1 |
| 256944 | 5.5 | MEDIUM | Local | vim | vim | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways… | CWE-200 Information Exposure | CVE-2017-1000382 | 2024-11-21 12:04 | 2017-11-1 |
| 256945 | 8.1 | HIGH | Network | redhat, debian | libvirt, debian_linux | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | CWE-295 Improper Certificate Validation | CVE-2017-1000256 | 2024-11-21 12:04 | 2017-11-1 |
| 256946 | 5.5 | MEDIUM | Local | linux | linux_kernel | On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *fro… | CWE-787 Out-of-bounds Write | CVE-2017-1000255 | 2024-11-21 12:04 | 2017-10-31 |
| 256947 | 7.5 | HIGH | Network | koji_project | koji | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | CWE-20 Improper Input Validation | CVE-2017-1002153 | 2024-11-21 12:04 | 2017-10-7 |
| 256948 | 7.5 | HIGH | Network | haxx | libcurl | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory wi… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000254 | 2024-11-21 12:04 | 2017-10-6 |
| 256949 | 8.8 | HIGH | Network | frappe | frappe | [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | CWE-89 SQL Injection | CVE-2017-1000120 | 2024-11-21 12:04 | 2017-10-5 |
| 256950 | 7.2 | HIGH | Network | octobercms | october | October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-1000119 | 2024-11-21 12:04 | 2017-10-5 |