|
257101
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account ta…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-0921
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257102
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perfor…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-0919
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257103
|
4.7 |
MEDIUM
Local
|
ubnt
|
ucrm
|
Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Succ…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-0913
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257104
|
5.4 |
MEDIUM
Network
|
ui
|
ucrm
|
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. …
|
CWE-79
Cross-site Scripting
|
CVE-2017-0912
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257105
|
6.1 |
MEDIUM
Network
|
html-janitor_project
|
html-janitor
|
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0931
|
2024-11-21 12:03 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257106
|
6.5 |
MEDIUM
Network
|
augustine_project
|
augustine
|
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
|
CWE-22
Path Traversal
|
CVE-2017-0930
|
2024-11-21 12:03 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257107
|
6.1 |
MEDIUM
Network
|
theguardian
|
html-janitor
|
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
|
CWE-642
External Control of Critical State Data
|
CVE-2017-0928
|
2024-11-21 12:03 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257108
|
5.3 |
MEDIUM
Local
|
google
|
android
|
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.
|
NVD-CWE-noinfo
|
CVE-2017-0751
|
2024-11-21 12:03 |
2018-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257109
|
5.3 |
MEDIUM
Network
|
google
|
android
|
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.
|
CWE-200
Information Exposure
|
CVE-2017-0748
|
2024-11-21 12:03 |
2018-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257110
|
5.3 |
MEDIUM
Local
|
google
|
android
|
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.
|
NVD-CWE-noinfo
|
CVE-2017-0744
|
2024-11-21 12:03 |
2018-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
