Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3107 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2024-08-05 | N/A |
| The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | ||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2024-08-05 | N/A |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | ||||
| CVE-2016-2142 | 1 Redhat | 1 Openshift | 2024-08-05 | N/A |
| Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | ||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2024-08-05 | N/A |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | ||||
| CVE-2016-0823 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-08-05 | N/A |
| The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | ||||
| CVE-2017-1000403 | 1 Jenkins | 1 Speaks\! | 2024-08-05 | N/A |
| Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | ||||
| CVE-2017-1000393 | 1 Jenkins | 1 Jenkins | 2024-08-05 | N/A |
| Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | ||||
| CVE-2017-1000153 | 1 Mahara | 1 Mahara | 2024-08-05 | N/A |
| Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account. | ||||
| CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2024-08-05 | N/A |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | ||||
| CVE-2017-1000096 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-08-05 | N/A |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | ||||
| CVE-2017-1000095 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-05 | N/A |
| The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object). | ||||
| CVE-2017-1000022 | 1 Logicaldoc | 1 Logicaldoc | 2024-08-05 | N/A |
| LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | ||||
| CVE-2017-18896 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. | ||||
| CVE-2017-18870 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. | ||||
| CVE-2017-18878 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session. | ||||
| CVE-2017-18916 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. | ||||
| CVE-2017-18876 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.9 Medium |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. | ||||
| CVE-2017-18875 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.9 Medium |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | ||||
| CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | ||||
| CVE-2017-18886 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. | ||||