|
265801
|
3.5 |
LOW
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been…
|
CWE-200
Information Exposure
|
CVE-2017-0895
|
2024-11-21 12:03 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265802
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars…
|
CWE-863
Incorrect Authorization
|
CVE-2017-0894
|
2024-11-21 12:03 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265803
|
5.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour cha…
|
CWE-79
Cross-site Scripting
|
CVE-2017-0893
|
2024-11-21 12:03 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265804
|
3.5 |
LOW
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
|
CWE-384
Session Fixation
|
CVE-2017-0892
|
2024-11-21 12:03 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265805
|
5.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0891
|
2024-11-21 12:03 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265806
|
5.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the s…
|
CWE-79
Cross-site Scripting
|
CVE-2017-0890
|
2024-11-21 12:03 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265807
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…
|
CWE-200
Information Exposure
|
CVE-2017-0586
|
2024-11-21 12:03 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265808
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…
|
CWE-200
Information Exposure
|
CVE-2017-0585
|
2024-11-21 12:03 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265809
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate becaus…
|
CWE-200
Information Exposure
|
CVE-2017-0584
|
2024-11-21 12:03 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265810
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as …
|
NVD-CWE-noinfo
|
CVE-2017-0583
|
2024-11-21 12:03 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
