cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0001

2017-03-16T20:59:00.167-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96057 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0001 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.

cpe:/a:microsoft:edge

CVE-2017-0002

2017-01-10T16:59:00.133-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 95284 SECTRACK 1037573 MS MS17-001 Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."

cpe:/a:microsoft:sharepoint_enterprise_server:2016 cpe:/a:microsoft:word:2016

CVE-2017-0003

2017-01-10T16:59:00.167-05:00

2018-10-12T18:15:06.503-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://fortiguard.com/advisory/FG-VD-16-079 BID 95287 SECTRACK 1037568 SECTRACK 1037569 MS MS17-002 Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista:-:sp2

CVE-2017-0004

2017-01-10T16:59:00.197-05:00

2018-10-12T18:15:06.877-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 95318 SECTRACK 1037571 MS MS17-004 The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."

CVE-2017-0005

2017-03-16T20:59:00.197-04:00

2019-10-02T20:03:26.223-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96033 SECTRACK 1038002 CONFIRM https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/ CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0005 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.

cpe:/a:microsoft:excel:2007:sp3 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:sharepoint_server:2007:sp3

CVE-2017-0006

2017-03-16T20:59:00.227-04:00

2017-07-11T21:29:03.707-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96740 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006 Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0007

2017-03-16T20:59:00.257-04:00

2017-07-11T21:29:03.753-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96018 SECTRACK 1038001 MISC https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/ CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007 Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0008

2017-03-16T20:59:00.290-04:00

2017-07-11T21:29:03.817-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96073 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008 Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0009

2017-03-16T20:59:00.320-04:00

2017-07-11T21:29:03.863-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf BID 96077 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009 Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

cpe:/a:microsoft:edge:-

CVE-2017-0010

2017-03-16T20:59:00.353-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96059 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0010 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge

CVE-2017-0011

2017-03-16T20:59:00.383-04:00

2017-07-11T21:29:03.973-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96064 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0011 Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

cpe:/a:microsoft:edge cpe:/a:microsoft:internet_explorer:11

CVE-2017-0012

2017-03-16T20:59:00.417-04:00

2017-07-11T21:29:04.037-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96085 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012 Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.

cpe:/a:microsoft:office:2010:sp2 cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0014

2017-03-16T20:59:00.447-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96013 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014 MISC https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/ The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108.

cpe:/a:microsoft:edge:-

CVE-2017-0015

2017-03-16T20:59:00.477-04:00

2017-07-11T21:29:04.143-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96079 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0015 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0016

2017-03-16T20:59:00.507-04:00

2017-07-24T21:29:04.187-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 95969 SECTRACK 1037767 SECTRACK 1038001 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016 Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0017

2017-03-16T20:59:00.523-04:00

2017-07-11T21:29:04.253-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96078 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0017 The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068.

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0018

2017-03-16T20:59:00.557-04:00

2017-07-11T21:29:04.300-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96086 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018 Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.

cpe:/a:microsoft:word:2016

CVE-2017-0019

2017-03-16T20:59:00.587-04:00

2017-07-11T21:29:04.347-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96042 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0019 Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

cpe:/a:microsoft:excel:2010:sp2 cpe:/a:microsoft:excel:2013:sp1:~~rt~~~ cpe:/a:microsoft:excel:2016 cpe:/a:microsoft:office_web_apps:2013:sp1

CVE-2017-0020

2017-03-16T20:59:00.617-04:00

2017-07-11T21:29:04.393-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96050 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020 Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0021

2017-03-16T20:59:00.650-04:00

2019-10-02T20:03:26.223-04:00

7.7

ADJACENT_NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 96020 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021 Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.

CVE-2017-0022

2017-03-16T20:59:00.680-04:00

2017-09-27T21:29:00.967-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96069 SECTRACK 1038014 MISC https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022 Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

cpe:/a:microsoft:edge cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2

CVE-2017-0023

2017-03-16T20:59:00.713-04:00

2018-10-17T13:07:10.357-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2018-10-17T12:43:00.337-04:00

BID 96075 SECTRACK 1037989 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0023 The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0024

2017-03-16T20:59:00.743-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96029 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0024 The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

CVE-2017-0025

2017-03-16T20:59:00.773-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96626 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0025 The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0026

2017-03-16T20:59:00.820-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96032 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026 The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

cpe:/a:microsoft:excel:2007:sp3 cpe:/a:microsoft:excel:2010:sp2:~~~~x64~ cpe:/a:microsoft:excel:2013:sp1:~~rt~~~ cpe:/a:microsoft:excel:2016 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:sharepoint_server:2013:sp1

CVE-2017-0027

2017-03-16T20:59:00.837-04:00

2017-07-11T21:29:04.690-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96043 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0028

2017-07-17T09:18:08.547-04:00

2017-08-04T09:54:59.937-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-07-20T14:18:19.440-04:00

CONFIRM https://github.com/Microsoft/ChakraCore/commit/402f3d967c0a905ec5b9ca9c240783d3f2c15724 A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:word:2010:sp2 cpe:/a:microsoft:word:2013:sp1:~~rt~~~ cpe:/a:microsoft:word:2016

CVE-2017-0029

2017-03-16T20:59:00.867-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96045 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0029 Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:office_web_apps:2010:sp2 cpe:/a:microsoft:sharepoint_server:2010:sp2 cpe:/a:microsoft:word:2007:sp3 cpe:/a:microsoft:word:2010:sp2

CVE-2017-0030

2017-03-16T20:59:00.900-04:00

2017-07-11T21:29:04.787-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96051 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030 Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:word:2007:sp3 cpe:/a:microsoft:word:2010:sp2

CVE-2017-0031

2017-03-16T20:59:00.930-04:00

2017-07-11T21:29:04.833-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96052 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031 Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.

cpe:/a:microsoft:edge:-

CVE-2017-0032

2017-03-16T20:59:00.963-04:00

2017-07-11T21:29:04.893-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96080 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0032 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge cpe:/a:microsoft:internet_explorer:11

CVE-2017-0033

2017-03-16T20:59:01.007-04:00

2017-07-11T21:29:04.957-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96087 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033 Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.

cpe:/a:microsoft:edge

CVE-2017-0034

2017-03-16T20:59:01.040-04:00

2017-07-11T21:29:05.003-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96786 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0034 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

cpe:/a:microsoft:edge:-

CVE-2017-0035

2017-03-16T20:59:01.070-04:00

2017-07-11T21:29:05.067-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96082 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0035 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge cpe:/a:microsoft:internet_explorer:11

CVE-2017-0037

2017-02-26T18:59:00.150-05:00

2017-11-18T21:29:00.410-05:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96088 SECTRACK 1037905 SECTRACK 1037906 MISC https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html MISC https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 EXPLOIT-DB 41454 EXPLOIT-DB 42354 EXPLOIT-DB 43125 Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

CVE-2017-0038

2017-02-20T11:59:00.143-05:00

2017-08-31T21:29:32.617-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96023 SECTRACK 1037845 MISC https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html MISC https://bugs.chromium.org/p/project-zero/issues/detail?id=992 MISC https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038 EXPLOIT-DB 41363 gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.

cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0039

2017-03-16T20:59:01.103-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96024 SECTRACK 1038001 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039 Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0040

2017-03-16T20:59:01.133-04:00

2017-07-11T21:29:05.160-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov MISC http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf BID 96094 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040 The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0042

2017-03-16T20:59:01.167-04:00

2017-07-11T21:29:05.223-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://pastebin.com/raw/Eztknq4s BID 96098 SECTRACK 1038016 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0042 MISC https://twitter.com/Qab/status/842506404950917120 Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0043

2017-03-16T20:59:01.197-04:00

2017-07-11T21:29:05.270-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96628 SECTRACK 1038018 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0043 Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0045

2017-03-16T20:59:01.227-04:00

2017-08-15T21:29:11.617-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt BID 96103 SECTRACK 1038015 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045 EXPLOIT-DB 41619 Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."

CVE-2017-0047

2017-03-16T20:59:01.243-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96034 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0047 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.

cpe:/a:microsoft:internet_explorer:11

CVE-2017-0049

2017-03-16T20:59:01.273-04:00

2017-07-11T21:29:05.440-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96095 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049 The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0050

2017-03-16T20:59:01.307-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96025 SECTRACK 1038013 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050 The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0051

2017-03-16T20:59:01.337-04:00

2019-10-02T20:03:26.223-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96026 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0051 Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099.

cpe:/a:microsoft:excel:2007:sp3 cpe:/a:microsoft:excel_viewer cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:sharepoint_server:2007:sp3

CVE-2017-0052

2017-03-16T20:59:01.367-04:00

2017-07-11T21:29:05.567-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96741 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052 Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:word:2007:sp3 cpe:/a:microsoft:word:2010:sp2 cpe:/a:microsoft:word:2013:sp1 cpe:/a:microsoft:word:2013:sp1:~~rt~~~ cpe:/a:microsoft:word:2016 cpe:/a:microsoft:word_viewer

CVE-2017-0053

2017-03-16T20:59:01.400-04:00

2017-07-11T21:29:05.613-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96745 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053 Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0055

2017-03-16T20:59:01.430-04:00

2017-07-11T21:29:05.660-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96622 SECTRACK 1038012 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0055 Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability."

CVE-2017-0056

2017-03-16T20:59:01.463-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96630 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056 The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.

CVE-2017-0057

2017-03-16T20:59:01.493-04:00

2017-07-11T21:29:05.800-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96695 SECTRACK 1038001 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0057 DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to visit an untrusted webpage or (2) tricking a server into sending a DNS query to a malicious DNS server, aka "Windows DNS Query Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0058

2017-04-12T10:59:00.170-04:00

2017-08-15T21:29:11.757-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97462 SECTRACK 1038239 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0058 EXPLOIT-DB 41879 A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0059

2017-03-16T20:59:01.523-04:00

2017-11-18T21:29:00.487-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96645 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059 EXPLOIT-DB 41661 EXPLOIT-DB 42354 EXPLOIT-DB 43125 Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

CVE-2017-0060

2017-03-16T20:59:01.557-04:00

2017-08-15T21:29:11.913-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96713 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060 EXPLOIT-DB 41656 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0061

2017-03-16T20:59:01.570-04:00

2017-08-15T21:29:11.977-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96638 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061 EXPLOIT-DB 41657 The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.

CVE-2017-0062

2017-03-16T20:59:01.603-04:00

2017-08-15T21:29:12.023-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96715 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062 EXPLOIT-DB 41658 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.

CVE-2017-0063

2017-03-16T20:59:01.633-04:00

2017-08-15T21:29:12.087-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96643 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063 EXPLOIT-DB 41659 The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0064

2017-05-12T10:29:00.753-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98121 SECTRACK 1038447 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0064 A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0065

2017-03-16T20:59:01.680-04:00

2017-07-11T21:29:06.113-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96648 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0065 Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068.

cpe:/a:microsoft:edge

CVE-2017-0066

2017-03-16T20:59:01.697-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96655 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066 Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.

cpe:/a:microsoft:edge:-

CVE-2017-0067

2017-03-16T20:59:01.727-04:00

2017-07-11T21:29:06.207-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96662 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0067 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge

CVE-2017-0068

2017-03-16T20:59:01.757-04:00

2017-07-11T21:29:06.253-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96649 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0068 Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065.

cpe:/a:microsoft:edge

CVE-2017-0069

2017-03-16T20:59:01.790-04:00

2017-07-11T21:29:06.300-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96650 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0069 Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033.

cpe:/a:microsoft:edge:-

CVE-2017-0070

2017-03-16T20:59:01.820-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96690 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070 EXPLOIT-DB 41623 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0071

2017-03-16T20:59:01.867-04:00

2017-07-11T21:29:06.410-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96681 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0071 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0072

2017-03-16T20:59:01.883-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96599 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072 EXPLOIT-DB 41654 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

CVE-2017-0073

2017-03-16T20:59:01.917-04:00

2017-07-11T21:29:06.457-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96637 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0074

2017-03-16T20:59:01.947-04:00

2017-07-17T09:18:08.780-04:00

2.3

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov BID 96641 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0075

2017-03-16T20:59:01.977-04:00

2019-10-02T20:03:26.223-04:00

7.4

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 96698 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109.

CVE-2017-0076

2017-03-16T20:59:02.023-04:00

2017-07-17T09:18:08.890-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96636 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0077

2017-05-12T10:29:01.037-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 98114 SECTRACK 1038454 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0077 The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."

CVE-2017-0078

2017-03-16T20:59:02.057-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96631 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078 The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012:r2

CVE-2017-0079

2017-03-16T20:59:02.087-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96632 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079 The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0080

2017-03-16T20:59:02.103-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96633 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080 The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082.

CVE-2017-0081

2017-03-16T20:59:02.133-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96634 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081 The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511

CVE-2017-0082

2017-03-16T20:59:02.167-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96635 SECTRACK 1038017 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082 The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0083

2017-03-16T20:59:02.197-04:00

2017-08-15T21:29:12.257-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96608 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:-:gold cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:- cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0084

2017-03-16T20:59:02.227-04:00

2017-08-15T21:29:12.320-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96610 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084 EXPLOIT-DB 41648 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0085

2017-03-16T20:59:02.257-04:00

2017-08-15T21:29:12.367-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96652 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0085 EXPLOIT-DB 41646 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0086

2017-03-16T20:59:02.307-04:00

2017-08-15T21:29:12.413-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96603 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086 EXPLOIT-DB 41649 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0087

2017-03-16T20:59:02.337-04:00

2017-08-15T21:29:12.477-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96604 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087 EXPLOIT-DB 41650 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0088

2017-03-16T20:59:02.353-04:00

2017-08-15T21:29:12.523-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96605 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088 EXPLOIT-DB 41651 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0089

2017-03-16T20:59:02.383-04:00

2017-08-15T21:29:12.570-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96606 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089 EXPLOIT-DB 41652 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0090

2017-03-16T20:59:02.430-04:00

2017-08-15T21:29:12.617-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96607 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090 EXPLOIT-DB 41653 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0091

2017-03-16T20:59:02.463-04:00

2017-08-15T21:29:12.680-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96657 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0091 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0092

2017-03-16T20:59:02.493-04:00

2017-08-15T21:29:12.727-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96676 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/a:microsoft:edge

CVE-2017-0093

2017-04-12T10:59:00.217-04:00

2017-07-10T21:33:24.487-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97419 SECTRACK 1038234 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093 A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.

cpe:/a:microsoft:edge:-

CVE-2017-0094

2017-03-16T20:59:02.510-04:00

2017-07-11T21:29:06.753-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96682 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0094 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0095

2017-03-16T20:59:02.540-04:00

2019-10-02T20:03:26.223-04:00

7.9

ADJACENT_NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96699 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0095 Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0096

2017-03-16T20:59:02.570-04:00

2017-07-17T09:18:09.593-04:00

2.3

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov BID 96701 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

CVE-2017-0097

2017-03-16T20:59:02.603-04:00

2017-07-17T09:18:09.640-04:00

2.3

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov BID 96639 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0098

2017-03-16T20:59:02.633-04:00

2017-07-17T09:18:09.687-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96642 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098 Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0099

2017-03-16T20:59:02.680-04:00

2017-07-17T09:18:09.767-04:00

2.3

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov BID 96640 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0100

2017-03-16T20:59:02.697-04:00

2017-08-15T21:29:12.790-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html BID 96700 SECTRACK 1038001 MISC https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100 EXPLOIT-DB 41607 A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_vista:-:sp2

CVE-2017-0101

2017-03-16T20:59:02.743-04:00

2018-04-18T21:29:02.940-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96625 SECTRACK 1038013 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101 EXPLOIT-DB 44479 The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:- cpe:/o:microsoft:windows_vista:-:sp2

CVE-2017-0102

2017-03-16T20:59:02.760-04:00

2017-07-11T21:29:06.940-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 96627 SECTRACK 1038013 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0102 Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka "Windows Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_vista:-:sp2

CVE-2017-0103

2017-03-16T20:59:02.790-04:00

2017-08-15T21:29:12.837-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96623 SECTRACK 1038013 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103 EXPLOIT-DB 41645 The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0104

2017-03-16T20:59:02.820-04:00

2018-10-30T12:28:01.187-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2018-09-19T13:05:04.877-04:00

BID 96697 SECTRACK 1038001 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0104 The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office_compatibility_pack:-:sp3 cpe:/a:microsoft:office_web_apps:2010:sp2 cpe:/a:microsoft:sharepoint_server:2010:sp2 cpe:/a:microsoft:word:2007:sp3 cpe:/a:microsoft:word_automation_services:- cpe:/a:microsoft:word_for_mac:2011

CVE-2017-0105

2017-03-16T20:59:02.853-04:00

2017-07-11T21:29:07.083-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96746 SECTRACK 1038010 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

cpe:/a:microsoft:outlook:2007:sp3 cpe:/a:microsoft:outlook:2010:sp2 cpe:/a:microsoft:outlook:2013:sp1 cpe:/a:microsoft:outlook:2016

CVE-2017-0106

2017-04-12T10:59:00.233-04:00

2017-07-10T21:33:24.533-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97413 SECTRACK 1038227 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0106 Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

cpe:/a:microsoft:sharepoint_foundation:2013:sp1

CVE-2017-0107

2017-03-16T20:59:02.900-04:00

2017-07-11T21:29:07.130-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96748 SECTRACK 1038019 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107 Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."

cpe:/a:microsoft:live_meeting:2007 cpe:/a:microsoft:lync:2010 cpe:/a:microsoft:lync:2013:sp1 cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:silverlight:5.0 cpe:/a:microsoft:skype_for_business:2016 cpe:/a:microsoft:word_viewer:- cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista:-:sp2

CVE-2017-0108

2017-03-16T20:59:02.917-04:00

2017-08-15T21:29:12.900-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96722 SECTRACK 1038002 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108 EXPLOIT-DB 41647 The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0109

2017-03-16T20:59:02.963-04:00

2017-07-17T09:18:09.813-04:00

7.4

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 96644 SECTRACK 1037999 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0109 Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.

cpe:/a:microsoft:exchange_server:2013:cumulative_update_14 cpe:/a:microsoft:exchange_server:2013:cumulative_update_3 cpe:/a:microsoft:exchange_server:2013:sp1

CVE-2017-0110

2017-03-16T20:59:02.977-04:00

2018-08-09T12:41:22.933-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-08-09T12:02:37.670-04:00

BID 96621 SECTRACK 1038011 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0110 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0111

2017-03-16T20:59:03.010-04:00

2017-08-15T21:29:12.947-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96658 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0112

2017-03-16T20:59:03.040-04:00

2017-08-15T21:29:12.993-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96659 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0112 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0113

2017-03-16T20:59:03.087-04:00

2017-08-15T21:29:13.040-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96660 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0113 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0114

2017-03-16T20:59:03.117-04:00

2017-08-15T21:29:13.087-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96661 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0115

2017-03-16T20:59:03.150-04:00

2017-08-15T21:29:13.133-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96663 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0116

2017-03-16T20:59:03.180-04:00

2017-08-15T21:29:13.180-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96665 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0117

2017-03-16T20:59:03.213-04:00

2017-08-15T21:29:13.243-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96679 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

CVE-2017-0118

2017-03-16T20:59:03.243-04:00

2017-08-15T21:29:13.307-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96680 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0119

2017-03-16T20:59:03.273-04:00

2017-08-15T21:29:13.353-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96666 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0119 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0120

2017-03-16T20:59:03.307-04:00

2017-08-15T21:29:13.400-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96667 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0120 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability."

CVE-2017-0121

2017-03-16T20:59:03.337-04:00

2017-08-15T21:29:13.460-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96678 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0122

2017-03-16T20:59:03.383-04:00

2017-08-15T21:29:13.523-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96668 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0122 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0123

2017-03-16T20:59:03.417-04:00

2017-08-15T21:29:13.570-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96669 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0124

2017-03-16T20:59:03.447-04:00

2017-08-15T21:29:13.617-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96670 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0125

2017-03-16T20:59:03.477-04:00

2017-08-15T21:29:13.663-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96672 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0126

2017-03-16T20:59:03.510-04:00

2017-08-15T21:29:13.697-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96673 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0126 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0127

2017-03-16T20:59:03.540-04:00

2017-08-15T21:29:13.743-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96674 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0128

2017-03-16T20:59:03.570-04:00

2017-08-15T21:29:13.790-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96675 SECTRACK 1037992 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0128 EXPLOIT-DB 41655 Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.

cpe:/a:microsoft:lync_for_mac:2011

CVE-2017-0129

2017-03-16T20:59:03.603-04:00

2017-07-11T21:29:07.270-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96752 SECTRACK 1038020 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129 Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0130

2017-03-16T20:59:03.633-04:00

2017-07-11T21:29:07.317-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96647 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130 The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0040.

cpe:/a:microsoft:edge:-

CVE-2017-0131

2017-03-16T20:59:03.650-04:00

2017-07-11T21:29:07.363-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96671 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0131 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0132

2017-03-16T20:59:03.697-04:00

2017-07-11T21:29:07.410-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96686 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0132 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0133

2017-03-16T20:59:03.727-04:00

2017-07-11T21:29:07.487-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96683 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0133 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0134

2017-03-16T20:59:03.760-04:00

2017-07-11T21:29:07.550-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96687 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0134 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge

CVE-2017-0135

2017-03-16T20:59:03.790-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96656 SECTRACK 1038006 MISC https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135 MISC https://www.freebuf.com/articles/web/164871.html Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

cpe:/a:microsoft:edge:-

CVE-2017-0136

2017-03-16T20:59:03.820-04:00

2017-07-11T21:29:07.660-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96688 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0136 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0137

2017-03-16T20:59:03.853-04:00

2017-07-11T21:29:07.707-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96689 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0137 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0138

2017-03-16T20:59:03.883-04:00

2017-07-11T21:29:07.770-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96684 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0138 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:edge

CVE-2017-0140

2017-03-16T20:59:03.917-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96653 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0140 Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.

cpe:/a:microsoft:edge:-

CVE-2017-0141

2017-03-16T20:59:03.947-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96685 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151.

cpe:/a:microsoft:server_message_block:1.0

CVE-2017-0143

2017-03-16T20:59:03.977-04:00

2018-06-20T21:29:00.353-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html BID 96703 SECTRACK 1037991 CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143 EXPLOIT-DB 41891 EXPLOIT-DB 41987 EXPLOIT-DB 43970 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

cpe:/a:microsoft:server_message_block:1.0

CVE-2017-0144

2017-03-16T20:59:04.010-04:00

2018-06-20T21:29:00.433-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html BID 96704 SECTRACK 1037991 CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144 EXPLOIT-DB 41891 EXPLOIT-DB 41987 EXPLOIT-DB 42030 EXPLOIT-DB 42031 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

cpe:/a:microsoft:server_message_block:1.0

CVE-2017-0145

2017-03-16T20:59:04.040-04:00

2018-06-20T21:29:00.510-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html BID 96705 SECTRACK 1037991 CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145 EXPLOIT-DB 41891 EXPLOIT-DB 41987 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

cpe:/a:microsoft:server_message_block:1.0

CVE-2017-0146

2017-03-16T20:59:04.070-04:00

2018-06-20T21:29:00.573-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html BID 96707 SECTRACK 1037991 CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146 EXPLOIT-DB 41891 EXPLOIT-DB 41987 EXPLOIT-DB 43970 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.

cpe:/a:microsoft:server_message_block:1.0

CVE-2017-0147

2017-03-16T20:59:04.087-04:00

2018-06-20T21:29:00.650-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html BID 96709 SECTRACK 1037991 CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147 EXPLOIT-DB 41891 EXPLOIT-DB 41987 EXPLOIT-DB 43970 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."

cpe:/a:microsoft:server_message_block:1.0

CVE-2017-0148

2017-03-16T20:59:04.150-04:00

2018-06-20T21:29:00.730-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html BID 96706 SECTRACK 1037991 CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0148 EXPLOIT-DB 41891 EXPLOIT-DB 41987 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0149

2017-03-16T20:59:04.180-04:00

2017-07-11T21:29:07.940-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96724 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149 Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.

cpe:/a:microsoft:edge:-

CVE-2017-0150

2017-03-16T20:59:04.213-04:00

2017-07-11T21:29:07.987-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96725 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0150 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151.

cpe:/a:microsoft:edge:-

CVE-2017-0151

2017-03-16T20:59:04.243-04:00

2017-07-11T21:29:08.050-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96727 SECTRACK 1038006 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0151 A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0150.

cpe:/a:microsoft:edge

CVE-2017-0152

2017-07-17T09:18:11.250-04:00

2017-07-21T12:27:14.407-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-20T14:20:36.677-04:00

CONFIRM https://github.com/Microsoft/ChakraCore/commit/9da019424601325a6e95e6be0fa03d7d21d0b517 A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."

cpe:/a:microsoft:internet_explorer:11:-

CVE-2017-0154

2017-03-16T20:59:04.307-04:00

2017-07-11T21:29:08.097-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96766 SECTRACK 1038008 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0154 Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0155

2017-04-12T10:59:00.267-04:00

2019-10-02T20:03:26.223-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97471 SECTRACK 1038237 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0155 The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."

CVE-2017-0156

2017-04-12T10:59:00.313-04:00

2019-10-02T20:03:26.223-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97507 SECTRACK 1038237 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0156 An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."

CVE-2017-0158

2017-04-12T10:59:00.327-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97455 SECTRACK 1038238 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0158 An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0159

2017-04-12T10:59:00.357-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97449 SECTRACK 1038243 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159 A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:.net_framework:4.5.2 cpe:/a:microsoft:.net_framework:4.6 cpe:/a:microsoft:.net_framework:4.6.1 cpe:/a:microsoft:.net_framework:4.6.2 cpe:/a:microsoft:.net_framework:4.7

CVE-2017-0160

2017-04-12T10:59:00.390-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 97447 SECTRACK 1038236 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160 EXPLOIT-DB 41903 Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

CVE-2017-0161

2017-09-12T21:29:08.130-04:00

2017-09-21T13:10:50.577-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-09-19T13:20:19.490-04:00

BID 100728 SECTRACK 1039318 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0161 The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".

CVE-2017-0162

2017-04-12T10:59:00.420-04:00

2017-07-10T21:33:24.830-04:00

7.4

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 97461 SECTRACK 1038233 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0162 A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0163

2017-04-12T10:59:00.453-04:00

2017-07-10T21:33:24.893-04:00

7.4

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 97465 SECTRACK 1038233 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163 A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016

CVE-2017-0164

2017-04-12T10:59:00.467-04:00

2017-07-10T21:33:24.940-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov BID 97448 SECTRACK 1038235 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0164 A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012:r2

CVE-2017-0165

2017-04-12T10:59:00.500-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 97467 SECTRACK 1038239 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165 EXPLOIT-DB 41901 An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_vista:-:sp2

CVE-2017-0166

2017-04-12T10:59:00.530-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97446 SECTRACK 1038245 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0166 An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0167

2017-04-12T10:59:00.563-04:00

2017-08-15T21:29:14.367-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97473 SECTRACK 1038239 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167 EXPLOIT-DB 41880 An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2

CVE-2017-0168

2017-04-12T10:59:00.593-04:00

2017-07-10T21:33:25.127-04:00

6.3

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

NONE

http://nvd.nist.gov BID 97418 SECTRACK 1038232 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168 An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.

cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2

CVE-2017-0169

2017-04-12T10:59:00.623-04:00

2017-07-10T21:33:25.173-04:00

5.2

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

NONE

http://nvd.nist.gov BID 97459 SECTRACK 1038232 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169 An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0170

2017-07-11T17:29:00.343-04:00

2017-09-26T21:29:01.120-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 99398 SECTRACK 1038855 CONFIRM https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0170 Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".

cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0171

2017-05-12T10:29:01.143-04:00

2017-05-25T11:33:06.453-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-05-24T20:56:26.170-04:00

BID 98097 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0171 Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability".

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0173

2017-06-14T21:29:01.693-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-06-21T13:58:00.310-04:00

BID 98873 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0173 Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0174

2017-08-08T17:29:00.437-04:00

2019-10-02T20:03:26.223-04:00

6.1

ADJACENT_NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-08-11T15:09:47.257-04:00

BID 100038 SECTRACK 1039109 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174 Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".

cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008:- cpe:/o:microsoft:windows_server_2008:r2

CVE-2017-0175

2017-05-12T10:29:01.223-04:00

2018-10-30T12:28:01.187-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-09-19T13:02:31.187-04:00

BID 98110 SECTRACK 1038452 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0175 EXPLOIT-DB 42009 The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.

cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_xp::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3

CVE-2017-0176

2017-06-22T10:29:00.173-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-03T15:32:11.773-04:00

BID 98550 BID 98752 MISC https://blog.fortinet.com/2017/05/11/deep-analysis-of-esteemaudit MISC https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/ CONFIRM https://support.microsoft.com/en-us/help/4022747/security-update-for-windows-xp-and-windows-server-2003 A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0178

2017-04-12T10:59:00.670-04:00

2017-04-18T12:37:43.457-04:00

5.2

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2017-04-17T15:39:44.303-04:00

BID 97416 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178 A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0179

2017-04-12T10:59:00.687-04:00

2017-04-18T12:55:22.187-04:00

6.3

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2017-04-17T15:45:06.500-04:00

BID 97426 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0179 A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.

CVE-2017-0180

2017-04-12T10:59:00.733-04:00

2017-07-10T21:33:25.237-04:00

7.4

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 97444 SECTRACK 1038233 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0180 A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181.

CVE-2017-0181

2017-04-12T10:59:00.767-04:00

2017-07-10T21:33:25.283-04:00

7.4

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov BID 97445 SECTRACK 1038233 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181 A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.

CVE-2017-0182

2017-04-12T10:59:00.797-04:00

2017-04-18T12:54:03.747-04:00

6.3

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2017-04-17T15:47:05.853-04:00

BID 97427 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0182 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.

CVE-2017-0183

2017-04-12T10:59:00.813-04:00

2017-04-18T12:54:31.500-04:00

6.3

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2017-04-17T15:48:17.013-04:00

BID 97428 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0183 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.

CVE-2017-0184

2017-04-12T10:59:00.857-04:00

2017-04-18T12:36:49.673-04:00

5.2

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2017-04-17T15:51:24.947-04:00

BID 97435 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0184 A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0185

2017-04-12T10:59:00.890-04:00

2017-07-10T21:33:25.330-04:00

6.3

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov BID 97437 SECTRACK 1038230 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0185 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0186

2017-04-12T10:59:00.907-04:00

2017-04-18T12:53:07.090-04:00

6.3

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2017-04-17T15:57:52.403-04:00

BID 97438 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0186 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0188

2017-04-12T10:59:00.937-04:00

2017-07-10T21:33:25.377-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97475 SECTRACK 1038239 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0188 A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_server_2016

CVE-2017-0189

2017-04-12T10:59:00.983-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 97420 SECTRACK 1038239 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0189 An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188.

CVE-2017-0190

2017-05-12T10:29:01.270-04:00

2017-07-07T21:29:02.943-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98298 SECTRACK 1038451 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0190 The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0191

2017-04-12T10:59:01.000-04:00

2019-10-02T20:03:26.223-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov BID 97466 SECTRACK 1038239 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0191 A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."

CVE-2017-0192

2017-04-12T10:59:01.030-04:00

2017-07-10T21:33:25.533-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97452 SECTRACK 1038231 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0192 The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0193

2017-06-14T21:29:01.727-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 98878 SECTRACK 1038670 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193 Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".

cpe:/a:microsoft:excel:2007:sp3 cpe:/a:microsoft:excel:2010:sp2 cpe:/a:microsoft:office_compatibility_pack::sp2

CVE-2017-0194

2017-04-12T10:59:01.063-04:00

2017-07-10T21:33:25.580-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97436 SECTRACK 1038244 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194 Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

cpe:/a:microsoft:excel_web_app:2010:sp2 cpe:/a:microsoft:office_online_server cpe:/a:microsoft:office_web_apps:2010:sp2 cpe:/a:microsoft:office_web_apps_server:2013:sp1 cpe:/a:microsoft:sharepoint_server:2010:sp1 cpe:/a:microsoft:sharepoint_server:2010:sp2

CVE-2017-0195

2017-04-12T10:59:01.093-04:00

2017-04-20T14:20:48.530-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-04-18T15:30:40.037-04:00

BID 97417 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195 Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0196

2017-07-17T09:18:11.297-04:00

2017-07-21T12:23:59.983-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T14:19:09.300-04:00

CONFIRM https://github.com/Microsoft/ChakraCore/commit/065b7978c40ded35c356ced6cd922a40156c9c46 An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

cpe:/a:microsoft:onenote:2007:sp3 cpe:/a:microsoft:onenote:2010:sp2

CVE-2017-0197

2017-04-12T10:59:01.123-04:00

2017-07-10T21:33:25.643-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97411 SECTRACK 1038241 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197 MISC https://twitter.com/buffaloverflow/status/852937040480149505 Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."

cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office:2013:sp1 cpe:/a:microsoft:office:2016 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_vista::sp2

CVE-2017-0199

2017-04-12T10:59:01.157-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html BID 97498 SECTRACK 1038224 MISC https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/ MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199 EXPLOIT-DB 41894 EXPLOIT-DB 41934 EXPLOIT-DB 42995 MISC https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html MISC https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

cpe:/a:microsoft:edge

CVE-2017-0200

2017-04-12T10:59:01.170-04:00

2017-07-10T21:33:25.737-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97456 SECTRACK 1038234 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0200 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."

cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10

CVE-2017-0201

2017-04-12T10:59:01.203-04:00

2017-07-10T21:33:25.783-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97454 SECTRACK 1038238 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0201 A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.

cpe:/a:microsoft:internet_explorer:11

CVE-2017-0202

2017-04-12T10:59:01.250-04:00

2017-08-15T21:29:14.507-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97441 SECTRACK 1038238 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202 EXPLOIT-DB 41941 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0203

2017-04-12T10:59:01.267-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97443 SECTRACK 1038234 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0203 A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."

cpe:/a:microsoft:outlook:2007:sp3 cpe:/a:microsoft:outlook:2010:sp2 cpe:/a:microsoft:outlook:2013:sp1 cpe:/a:microsoft:outlook:2016

CVE-2017-0204

2017-04-12T10:59:01.297-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97458 SECTRACK 1038227 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0204 Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0205

2017-04-12T10:59:01.327-04:00

2017-07-10T21:33:25.987-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97442 SECTRACK 1038234 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0205 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."

cpe:/a:microsoft:outlook:2011::~~~mac_os_x~~

CVE-2017-0207

2017-04-12T10:59:01.360-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97463 SECTRACK 1038242 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207 Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0208

2017-04-12T10:59:01.390-04:00

2017-07-10T21:33:26.080-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97460 SECTRACK 1038234 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208 An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0210

2017-04-12T10:59:01.420-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97512 SECTRACK 1038238 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210 An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0211

2017-04-12T10:59:01.453-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97514 SECTRACK 1038240 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0211 EXPLOIT-DB 41902 An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_server_2016

CVE-2017-0212

2017-05-12T10:29:01.347-04:00

2019-10-02T20:03:26.223-04:00

5.4

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-05-23T14:34:44.543-04:00

BID 98099 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0212 Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".

CVE-2017-0213

2017-05-12T10:29:01.393-04:00

2019-10-02T20:03:26.223-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98102 SECTRACK 1038457 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213 EXPLOIT-DB 42020 Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.

CVE-2017-0214

2017-05-12T10:29:01.677-04:00

2019-10-02T20:03:26.223-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98103 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0214 EXPLOIT-DB 42021 Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213.

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0215

2017-06-14T21:29:01.757-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 98879 SECTRACK 1038669 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0215 MISC https://posts.specterops.io/umci-bypass-using-psworkflowutility-cve-2017-0215-71c76c1588f9 Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.

cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0216

2017-06-14T21:29:01.787-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-06-21T12:21:24.550-04:00

BID 98896 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0216 Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219.

cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0218

2017-06-14T21:29:01.820-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 98897 SECTRACK 1038669 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0218 Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219.

cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0219

2017-06-14T21:29:01.850-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-06-21T12:19:34.140-04:00

BID 98898 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0219 Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218.

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:-

CVE-2017-0220

2017-05-12T10:29:01.753-04:00

2017-08-12T21:29:15.333-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98111 SECTRACK 1038445 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0220 EXPLOIT-DB 42009 The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.

cpe:/a:microsoft:edge

CVE-2017-0221

2017-05-12T10:29:02.003-04:00

2017-05-23T15:17:47.830-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T13:51:49.560-04:00

BID 98147 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0221 A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0222

2017-05-12T10:29:02.143-04:00

2017-07-07T21:29:03.287-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98127 SECTRACK 1038423 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.

cpe:/a:microsoft:edge:-

CVE-2017-0223

2017-05-15T13:29:00.170-04:00

2017-07-07T21:29:03.333-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1038425 CONFIRM https://github.com/Microsoft/ChakraCore/pull/2959 A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

cpe:/a:microsoft:edge

CVE-2017-0224

2017-05-12T10:29:02.253-04:00

2017-05-23T13:42:17.920-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T11:37:39.600-04:00

BID 98214 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0224 A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0226

2017-05-12T10:29:02.300-04:00

2017-05-23T14:05:41.127-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T12:15:02.603-04:00

BID 98139 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222.

cpe:/a:microsoft:edge

CVE-2017-0227

2017-05-12T10:29:02.363-04:00

2017-07-07T21:29:03.380-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98281 SECTRACK 1038424 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0227 A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.

cpe:/a:microsoft:edge cpe:/a:microsoft:internet_explorer:11

CVE-2017-0228

2017-05-12T10:29:02.440-04:00

2017-07-07T21:29:03.583-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98164 SECTRACK 1038425 SECTRACK 1038426 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228 A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

cpe:/a:microsoft:edge

CVE-2017-0229

2017-05-12T10:29:02.487-04:00

2017-05-23T14:09:01.473-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T11:36:29.347-04:00

BID 98217 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0229 A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

cpe:/a:microsoft:edge

CVE-2017-0230

2017-05-12T10:29:02.567-04:00

2017-05-23T14:09:24.007-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T11:34:09.570-04:00

BID 98222 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0230 A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

cpe:/a:microsoft:edge cpe:/a:microsoft:internet_explorer:11

CVE-2017-0231

2017-05-12T10:29:02.613-04:00

2017-07-07T21:29:03.740-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98173 SECTRACK 1038455 SECTRACK 1038456 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0231 A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."

cpe:/a:microsoft:edge

CVE-2017-0233

2017-05-12T10:29:02.643-04:00

2019-10-02T20:03:26.223-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

2017-05-24T10:46:06.650-04:00

BID 98179 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0233 An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241.

cpe:/a:microsoft:edge

CVE-2017-0234

2017-05-12T10:29:02.690-04:00

2017-07-07T21:29:03.787-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98229 SECTRACK 1038431 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0234 A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

cpe:/a:microsoft:edge

CVE-2017-0235

2017-05-12T10:29:02.723-04:00

2017-05-23T14:10:31.333-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T11:30:17.570-04:00

BID 98230 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0235 A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.

cpe:/a:microsoft:edge

CVE-2017-0236

2017-05-12T10:29:02.770-04:00

2017-07-07T21:29:03.833-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98234 SECTRACK 1038431 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0236 A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.

cpe:/a:microsoft:edge cpe:/a:microsoft:internet_explorer:9 cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:11

CVE-2017-0238

2017-05-12T10:29:03.130-04:00

2017-05-23T14:39:23.733-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T10:53:54.500-04:00

BID 98237 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0238 A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.

cpe:/a:microsoft:edge

CVE-2017-0240

2017-05-12T10:29:03.393-04:00

2017-07-07T21:29:03.880-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98203 SECTRACK 1038424 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0240 A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.

cpe:/a:microsoft:edge

CVE-2017-0241

2017-05-12T10:29:03.537-04:00

2019-10-02T20:03:26.223-04:00

5.4

NETWORK

HIGH

NONE

COMPLETE

NONE

http://nvd.nist.gov

2017-05-24T10:31:53.900-04:00

BID 98208 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0241 An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233.

cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium

CVE-2017-0242

2017-05-12T10:29:03.597-04:00

2017-05-23T15:43:13.357-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-23T13:34:30.220-04:00

BID 98275 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242 An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."

cpe:/a:microsoft:business_productivity_servers:2010:sp2 cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:web_applications:2010:sp2

CVE-2017-0243

2017-07-11T17:29:00.407-04:00

2017-07-20T09:27:03.137-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-17T22:48:53.650-04:00

BID 99446 SECTRACK 1038851 CONFIRM https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243 Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.

cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium

CVE-2017-0244

2017-05-12T10:29:03.690-04:00

2019-10-02T20:03:26.223-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98109 SECTRACK 1038453 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0244 The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:-

CVE-2017-0245

2017-05-12T10:29:03.770-04:00

2017-08-12T21:29:15.380-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98115 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245 EXPLOIT-DB 42008 The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."

CVE-2017-0246

2017-05-12T10:29:03.833-04:00

2019-10-02T20:03:26.223-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98108 SECTRACK 1038449 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246 The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."

cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.core:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1::~~~asp.net~~ cpe:/a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2::~~~asp.net~~ cpe:/a:microsoft:system.net.http:4.1.1::~~~asp.net~~ cpe:/a:microsoft:system.net.http:4.3.1::~~~asp.net~~ cpe:/a:microsoft:system.net.http.winhttphandler:4.0.1::~~~asp.net~~ cpe:/a:microsoft:system.net.http.winhttphandler:4.3.0::~~~asp.net~~ cpe:/a:microsoft:system.net.security:4.0.0::~~~asp.net~~ cpe:/a:microsoft:system.net.security:4.3.0::~~~asp.net~~ cpe:/a:microsoft:system.net.websockets.client:4.0.0::~~~asp.net~~ cpe:/a:microsoft:system.net.websockets.client:4.3.0::~~~asp.net~~ cpe:/a:microsoft:system.text.encodings.web:4.0.0::~~~asp.net~~ cpe:/a:microsoft:system.text.encodings.web:4.3.0::~~~asp.net~~

CVE-2017-0247

2017-05-12T10:29:03.910-04:00

2017-08-10T13:59:59.953-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-08-08T14:43:20.307-04:00

MISC https://github.com/aspnet/Announcements/issues/239 CONFIRM https://technet.microsoft.com/en-us/library/security/4021279.aspx MISC https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

CVE-2017-0248

2017-05-12T10:29:03.973-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98117 SECTRACK 1038458 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248 Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

CVE-2017-0249

2017-05-12T10:29:04.003-04:00

2017-08-10T14:00:15.093-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-08-08T14:43:52.603-04:00

MISC https://github.com/aspnet/Announcements/issues/239 An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0250

2017-08-08T17:29:00.470-04:00

2017-08-15T13:24:25.920-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T12:29:28.850-04:00

BID 98100 SECTRACK 1039090 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0250 Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".

cpe:/a:microsoft:edge:-

CVE-2017-0252

2017-05-15T13:29:00.203-04:00

2017-05-24T10:30:42.523-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-05-23T22:51:22.670-04:00

CONFIRM https://github.com/Microsoft/ChakraCore/pull/2959 A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office:2011::mac cpe:/a:microsoft:office:2016::mac cpe:/a:microsoft:office_compatibility_pack::sp3 cpe:/a:microsoft:office_web_apps:2010:sp2 cpe:/a:microsoft:office_web_apps:2013:sp1 cpe:/a:microsoft:sharepoint_server:2013:sp1 cpe:/a:microsoft:sharepoint_server:2016 cpe:/a:microsoft:word:2007 cpe:/a:microsoft:word:2010:sp2 cpe:/a:microsoft:word:2013:sp1 cpe:/a:microsoft:word:2016 cpe:/a:microsoft:word_rt:2013:sp1 cpe:/a:microsoft:word_viewer

CVE-2017-0254

2017-05-12T10:29:04.067-04:00

2017-07-07T21:29:04.083-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98101 SECTRACK 1038443 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254 Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.

cpe:/a:microsoft:sharepoint_foundation:2013:sp1

CVE-2017-0255

2017-05-12T10:29:04.113-04:00

2017-05-23T15:51:37.650-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-23T14:47:46.997-04:00

BID 98107 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255 Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".

CVE-2017-0256

2017-05-12T10:29:04.457-04:00

2017-08-10T15:18:09.940-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-08-08T14:45:47.073-04:00

MISC https://github.com/aspnet/Announcements/issues/239 A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0258

2017-05-12T10:29:04.520-04:00

2017-08-12T21:29:15.443-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98112 SECTRACK 1038446 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0258 EXPLOIT-DB 42006 The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.

CVE-2017-0259

2017-05-12T10:29:04.910-04:00

2017-08-12T21:29:15.490-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98113 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0259 EXPLOIT-DB 42007 The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.

cpe:/a:microsoft:office:2013:sp1 cpe:/a:microsoft:office:2016 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1

CVE-2017-0260

2017-06-14T21:29:01.897-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98810 SECTRACK 1038668 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office:2013:sp1 cpe:/a:microsoft:office:2016

CVE-2017-0261

2017-05-12T10:29:04.987-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98104 SECTRACK 1038444 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261 Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.

cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office:2013:sp1 cpe:/a:microsoft:office:2016

CVE-2017-0262

2017-05-12T10:29:05.037-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T15:21:10.123-04:00

BID 98279 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262 Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.

CVE-2017-0263

2017-05-12T10:29:05.097-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 98258 SECTRACK 1038449 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263 EXPLOIT-DB 44478 MISC https://xiaodaozhi.com/exploit/117.html The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

cpe:/a:microsoft:powerpoint_for_mac:2011

CVE-2017-0264

2017-05-12T10:29:05.177-04:00

2017-05-23T15:49:11.083-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T14:05:44.780-04:00

BID 98282 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0264 Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.

cpe:/a:microsoft:powerpoint_for_mac:2011

CVE-2017-0265

2017-05-12T10:29:05.237-04:00

2017-07-07T21:29:04.333-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98285 SECTRACK 1038448 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265 Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.

cpe:/a:microsoft:edge

CVE-2017-0266

2017-05-12T10:29:05.287-04:00

2017-05-23T15:08:29.413-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-23T14:02:49.903-04:00

BID 98276 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0266 A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0267

2017-05-12T10:29:05.333-04:00

2018-03-27T21:29:04.903-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98259 SECTRACK 1038432 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0268

2017-05-12T10:29:05.397-04:00

2018-03-27T21:29:04.980-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98261 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0268 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0269

2017-05-12T10:29:05.457-04:00

2018-03-27T21:29:05.073-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98263 SECTRACK 1038433 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0269 The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0270

2017-05-12T10:29:05.503-04:00

2018-03-27T21:29:05.200-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98264 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0270 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0271

2017-05-12T10:29:05.817-04:00

2018-03-27T21:29:05.293-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98265 SECTRACK 1038432 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0271 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.

CVE-2017-0272

2017-05-12T10:29:05.880-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98260 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0272 The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0273

2017-05-12T10:29:05.940-04:00

2018-03-27T21:29:05.467-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98274 SECTRACK 1038433 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0273 The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1:- cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0274

2017-05-12T10:29:06.147-04:00

2018-03-27T21:29:05.543-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98266 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.

CVE-2017-0275

2017-05-12T10:29:06.333-04:00

2018-03-27T21:29:05.620-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98267 SECTRACK 1038432 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0275 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.

CVE-2017-0276

2017-05-12T10:29:06.397-04:00

2018-03-27T21:29:05.700-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98268 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0276 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.

CVE-2017-0277

2017-05-12T10:29:06.440-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98270 SECTRACK 1038430 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0277 The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.

CVE-2017-0278

2017-05-12T10:29:06.487-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98271 SECTRACK 1038430 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0278 The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.

CVE-2017-0279

2017-05-12T10:29:06.537-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98272 SECTRACK 1038430 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279 The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.

CVE-2017-0280

2017-05-12T10:29:06.597-04:00

2018-03-27T21:29:06.027-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98273 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0280 The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.

cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office:2013:sp1 cpe:/a:microsoft:office:2016 cpe:/a:microsoft:office_online_server:2016 cpe:/a:microsoft:office_web_apps:2010:sp2 cpe:/a:microsoft:office_web_apps:2013:sp1 cpe:/a:microsoft:project_server:2013:sp1 cpe:/a:microsoft:sharepoint_foundation:2013:sp1 cpe:/a:microsoft:sharepoint_server:2010:sp2 cpe:/a:microsoft:sharepoint_server:2013:sp1 cpe:/a:microsoft:sharepoint_server:2016 cpe:/a:microsoft:skype_for_business:2016 cpe:/a:microsoft:word:2016

CVE-2017-0281

2017-05-12T10:29:06.660-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-25T13:37:15.383-04:00

BID 98297 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0282

2017-06-14T21:29:01.927-04:00

2017-08-11T21:29:01.657-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98885 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0282 EXPLOIT-DB 42237 Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534.

cpe:/a:microsoft:lync:2013:sp1 cpe:/a:microsoft:office:2007:sp3 cpe:/a:microsoft:office:2010:sp2 cpe:/a:microsoft:office_word_viewer:- cpe:/a:microsoft:silverlight:5.0::~~~windows~~ cpe:/a:microsoft:skype_for_business:2016 cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0283

2017-06-14T21:29:01.943-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98920 SECTRACK 1038675 MISC https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html MISC https://bugs.chromium.org/p/project-zero/issues/detail?id=1198 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283 EXPLOIT-DB 42234 Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0284

2017-06-14T21:29:01.977-04:00

2017-08-11T21:29:01.847-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98918 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0284 EXPLOIT-DB 42235 Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0285

2017-06-14T21:29:02.007-04:00

2017-08-11T21:29:01.877-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98914 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0285 EXPLOIT-DB 42236 Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0286

2017-06-14T21:29:02.037-04:00

2017-08-11T21:29:01.923-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98891 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0286 EXPLOIT-DB 42238 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0287

2017-06-14T21:29:02.070-04:00

2017-08-11T21:29:01.970-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98922 SECTRACK 1038662 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0287 EXPLOIT-DB 42239 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0288

2017-06-14T21:29:02.100-04:00

2017-08-11T21:29:02.033-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98923 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0288 EXPLOIT-DB 42241 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.

cpe:/o:microsoft:windows_10 cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016:-

CVE-2017-0289

2017-06-14T21:29:02.133-04:00

2017-08-11T21:29:02.080-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98929 SECTRACK 1038662 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0289 EXPLOIT-DB 42240 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.

cpe:/a:microsoft:forefront_security:- cpe:/a:microsoft:malware_protection_engine:1.1.13701.0 cpe:/a:microsoft:windows_defender:-

CVE-2017-0290

2017-05-09T02:29:00.157-04:00

2019-05-08T18:03:15.643-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98330 SECTRACK 1038419 SECTRACK 1038420 MISC https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html MISC https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/ MISC https://bugs.chromium.org/p/project-zero/issues/detail?id=1252 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290 CONFIRM https://technet.microsoft.com/library/security/4022344 MISC https://twitter.com/natashenka/status/861748397409058816 EXPLOIT-DB 41975 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0291

2017-06-14T21:29:02.163-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-06-23T10:37:51.463-04:00

BID 98835 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0291 Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292.

cpe:/a:microsoft:word:2013:sp1 cpe:/a:microsoft:word:2013:sp1:~~rt~~~ cpe:/a:microsoft:word:2016 cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0292

2017-06-14T21:29:02.193-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98836 SECTRACK 1038678 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292 Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_rt_8.1 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0293

2017-08-08T17:29:00.500-04:00

2017-08-15T13:54:57.180-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T11:24:31.070-04:00

BID 100039 SECTRACK 1039092 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0293 Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".

CVE-2017-0294

2017-06-14T21:29:02.227-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-06-23T11:42:54.657-04:00

BID 98837 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0294 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability".

cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_server_2016

CVE-2017-0295

2017-06-14T21:29:02.240-04:00

2019-10-02T20:03:26.223-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98904 SECTRACK 1038674 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0295 Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability".

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0296

2017-06-14T21:29:02.273-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-06-20T09:23:31.837-04:00

BID 98839 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0296 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability".

cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0297

2017-06-14T21:29:02.303-04:00

2017-07-07T21:29:05.130-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98840 SECTRACK 1038671 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297 The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300.

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:-:gold cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0298

2017-06-14T21:29:02.337-04:00

2019-10-02T20:03:26.223-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-06-20T11:31:38.963-04:00

BID 98841 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0298 A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability."

cpe:/o:microsoft:windows_10:- cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0299

2017-06-14T21:29:02.367-04:00

2018-10-30T12:27:22.200-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98884 SECTRACK 1038671 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0299 EXPLOIT-DB 42219 The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297.

cpe:/o:microsoft:windows_10:1511 cpe:/o:microsoft:windows_10:1607 cpe:/o:microsoft:windows_10:1703 cpe:/o:microsoft:windows_7:-:sp1 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_8.1:rt cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016

CVE-2017-0300

2017-06-14T21:29:02.397-04:00

2017-08-11T21:29:02.173-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98901 CONFIRM https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0300 EXPLOIT-DB 42244 The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297.

CVE-2017-0301

2017-12-21T12:29:00.217-05:00

2019-10-02T20:03:26.223-04:00

4.0

ADJACENT_NETWORK

HIGH

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2018-01-08T10:47:56.533-05:00

SECTRACK 1040040 CONFIRM https://support.f5.com/csp/article/K54358225 In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.

cpe:/a:f5:big-ip_access_policy_manager:12.0.0 cpe:/a:f5:big-ip_access_policy_manager:12.1.0 cpe:/a:f5:big-ip_access_policy_manager:12.1.1 cpe:/a:f5:big-ip_access_policy_manager:12.1.2 cpe:/a:f5:big-ip_access_policy_manager:13.0.0

CVE-2017-0302

2017-05-09T11:29:00.373-04:00

2017-07-07T21:29:05.240-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1038408 CONFIRM https://support.f5.com/csp/article/K87141725 In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

cpe:/a:f5:big-ip_access_policy_manager:11.5.0 cpe:/a:f5:big-ip_access_policy_manager:11.5.1 cpe:/a:f5:big-ip_access_policy_manager:11.5.2 cpe:/a:f5:big-ip_access_policy_manager:11.5.3 cpe:/a:f5:big-ip_access_policy_manager:11.5.4 cpe:/a:f5:big-ip_access_policy_manager:11.5.5 cpe:/a:f5:big-ip_access_policy_manager:11.6.0 cpe:/a:f5:big-ip_access_policy_manager:11.6.1 cpe:/a:f5:big-ip_access_policy_manager:12.0.0 cpe:/a:f5:big-ip_access_policy_manager:12.1.0 cpe:/a:f5:big-ip_access_policy_manager:12.1.1 cpe:/a:f5:big-ip_access_policy_manager:12.1.2 cpe:/a:f5:big-ip_access_policy_manager:13.0.0 cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.0 cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.1 cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.2 cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.3 cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.4 cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.5 cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.0 cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.1 cpe:/a:f5:big-ip_advanced_firewall_manager:12.0.0 cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.0 cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.1 cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.2 cpe:/a:f5:big-ip_advanced_firewall_manager:13.0.0 cpe:/a:f5:big-ip_application_acceleration_manager:11.5.0 cpe:/a:f5:big-ip_application_acceleration_manager:11.5.1 cpe:/a:f5:big-ip_application_acceleration_manager:11.5.2 cpe:/a:f5:big-ip_application_acceleration_manager:11.5.3 cpe:/a:f5:big-ip_application_acceleration_manager:11.5.4 cpe:/a:f5:big-ip_application_acceleration_manager:11.5.5 cpe:/a:f5:big-ip_application_acceleration_manager:11.6.0 cpe:/a:f5:big-ip_application_acceleration_manager:11.6.1 cpe:/a:f5:big-ip_application_acceleration_manager:12.0.0 cpe:/a:f5:big-ip_application_acceleration_manager:12.1.0 cpe:/a:f5:big-ip_application_acceleration_manager:12.1.1 cpe:/a:f5:big-ip_application_acceleration_manager:12.1.2 cpe:/a:f5:big-ip_application_acceleration_manager:13.0.0 cpe:/a:f5:big-ip_application_security_manager:11.5.0 cpe:/a:f5:big-ip_application_security_manager:11.5.1 cpe:/a:f5:big-ip_application_security_manager:11.5.2 cpe:/a:f5:big-ip_application_security_manager:11.5.3 cpe:/a:f5:big-ip_application_security_manager:11.5.4 cpe:/a:f5:big-ip_application_security_manager:11.5.5 cpe:/a:f5:big-ip_application_security_manager:11.6.0 cpe:/a:f5:big-ip_application_security_manager:11.6.1 cpe:/a:f5:big-ip_application_security_manager:12.0.0 cpe:/a:f5:big-ip_application_security_manager:12.1.0 cpe:/a:f5:big-ip_application_security_manager:12.1.1 cpe:/a:f5:big-ip_application_security_manager:12.1.2 cpe:/a:f5:big-ip_application_security_manager:13.0.0 cpe:/a:f5:big-ip_link_controller:11.5.0 cpe:/a:f5:big-ip_link_controller:11.5.1 cpe:/a:f5:big-ip_link_controller:11.5.2 cpe:/a:f5:big-ip_link_controller:11.5.3 cpe:/a:f5:big-ip_link_controller:11.5.4 cpe:/a:f5:big-ip_link_controller:11.5.5 cpe:/a:f5:big-ip_link_controller:11.6.0 cpe:/a:f5:big-ip_link_controller:11.6.1 cpe:/a:f5:big-ip_link_controller:12.0.0 cpe:/a:f5:big-ip_link_controller:12.1.0 cpe:/a:f5:big-ip_link_controller:12.1.1 cpe:/a:f5:big-ip_link_controller:12.1.2 cpe:/a:f5:big-ip_link_controller:13.0.0 cpe:/a:f5:big-ip_local_traffic_manager:11.5.0 cpe:/a:f5:big-ip_local_traffic_manager:11.5.1 cpe:/a:f5:big-ip_local_traffic_manager:11.5.2 cpe:/a:f5:big-ip_local_traffic_manager:11.5.3 cpe:/a:f5:big-ip_local_traffic_manager:11.5.4 cpe:/a:f5:big-ip_local_traffic_manager:11.5.5 cpe:/a:f5:big-ip_local_traffic_manager:11.6.0 cpe:/a:f5:big-ip_local_traffic_manager:11.6.1 cpe:/a:f5:big-ip_local_traffic_manager:12.0.0 cpe:/a:f5:big-ip_local_traffic_manager:12.1.0 cpe:/a:f5:big-ip_local_traffic_manager:12.1.1 cpe:/a:f5:big-ip_local_traffic_manager:12.1.2 cpe:/a:f5:big-ip_local_traffic_manager:13.0.0 cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.0 cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.1 cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.2 cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.3 cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.4 cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.5 cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.0 cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.1 cpe:/a:f5:big-ip_policy_enforcement_manager:12.0.0 cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.0 cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.1 cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.2 cpe:/a:f5:big-ip_policy_enforcement_manager:13.0.0 cpe:/a:f5:big-ip_websafe:1.0.0

CVE-2017-0303

2017-10-27T10:29:00.233-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-14T14:02:42.310-05:00

BID 101612 SECTRACK 1039674 CONFIRM https://support.f5.com/csp/article/K30201296 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.

cpe:/a:f5:big-ip_advanced_firewall_manager:12.0.0 cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.0 cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.1 cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.2 cpe:/a:f5:big-ip_advanced_firewall_manager:13.0.0

CVE-2017-0304

2017-12-21T12:29:00.263-05:00

2018-01-08T10:32:19.147-05:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2018-01-08T09:18:52.317-05:00

BID 102332 SECTRACK 1040041 CONFIRM https://support.f5.com/csp/article/K39428424 A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.

cpe:/a:f5:ssl_intercept_iapp:1.5.0 cpe:/a:f5:ssl_intercept_iapp:1.5.7

CVE-2017-0305

2017-04-06T10:59:00.193-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-04-12T15:33:45.627-04:00

CONFIRM https://support.f5.com/csp/article/K53244431 F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0306

2017-03-07T20:59:00.393-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 96723 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0307

2017-03-07T20:59:00.457-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 96809 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33177895. References: N-CVE-2017-0307.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0308

2017-02-15T18:59:00.133-05:00

2017-02-23T14:04:30.367-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T12:35:19.860-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0309

2017-02-15T18:59:00.180-05:00

2017-02-23T14:04:55.117-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T13:10:24.583-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0310

2017-02-15T18:59:00.213-05:00

2019-10-02T20:03:26.223-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T11:19:30.987-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0311

2017-02-15T18:59:00.260-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T12:38:28.793-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0312

2017-02-15T18:59:00.277-05:00

2017-08-31T21:29:32.680-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 EXPLOIT-DB 41364 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0313

2017-02-15T18:59:00.307-05:00

2017-08-31T21:29:32.727-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 EXPLOIT-DB 41365 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0314

2017-02-15T18:59:00.337-05:00

2017-02-23T14:26:23.440-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T10:58:02.960-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0315

2017-02-15T18:59:00.367-05:00

2017-02-23T14:26:30.033-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T11:11:36.043-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:geforce_experience:gfe_3.0 cpe:/a:nvidia:geforce_experience:gfe_3.0.6 cpe:/a:nvidia:geforce_experience:gfe_3.0.7 cpe:/a:nvidia:geforce_experience:gfe_3.1.0 cpe:/a:nvidia:geforce_experience:gfe_3.1.0.00 cpe:/a:nvidia:geforce_experience:gfe_3.1.2 cpe:/a:nvidia:geforce_experience:gfe_3.2.0 cpe:/a:nvidia:geforce_experience:gfe_3.2.2 cpe:/a:nvidia:geforce_experience:gfe_3.3.0 cpe:/a:nvidia:geforce_experience:gfe_3.4.0 cpe:/a:nvidia:geforce_experience:gfe_3.5.0 cpe:/a:nvidia:geforce_experience:gfe_3.6.0 cpe:/a:nvidia:geforce_experience:gfe_3.7.0 cpe:/a:nvidia:geforce_experience:gfe_3.8.0 cpe:/a:nvidia:geforce_experience:gfe_3.9.0 cpe:/a:nvidia:geforce_experience:gfe_3.10.0

CVE-2017-0316

2017-10-16T17:29:00.213-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-07T12:39:47.133-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4560 In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0317

2017-02-15T18:59:00.400-05:00

2019-10-02T20:03:26.223-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T11:07:57.110-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0318

2017-02-15T18:59:00.430-05:00

2017-02-23T14:08:21.860-05:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T12:30:57.037-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0319

2017-02-15T18:59:00.447-05:00

2019-10-02T20:03:26.223-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T13:22:37.117-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0320

2017-02-15T18:59:00.493-05:00

2019-10-02T20:03:26.223-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T13:24:39.967-05:00

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0321

2017-02-15T18:59:00.510-05:00

2017-02-23T14:06:24.497-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T13:08:09.733-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0322

2017-02-15T18:59:00.540-05:00

2017-02-23T14:30:39.357-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T14:03:52.150-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0323

2017-02-15T18:59:00.570-05:00

2017-02-23T14:30:31.687-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T11:26:11.987-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0324

2017-02-15T18:59:00.603-05:00

2017-02-23T14:30:24.903-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-02-16T10:53:04.617-05:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4398 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0325

2017-04-05T10:59:00.167-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 97350 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01.html An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325.

cpe:/o:google:android:7.1.2

CVE-2017-0326

2017-07-07T10:29:00.220-04:00

2017-10-18T21:30:20.690-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 99477 CONFIRM https://source.android.com/security/bulletin/2017-07-01 An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0327

2017-04-05T10:59:00.197-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 97333 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01.html An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0328

2017-04-05T10:59:00.227-04:00

2017-07-10T21:33:26.423-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97347 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01.html An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0329

2017-04-05T10:59:00.260-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97353 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01.html An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0330

2017-04-05T10:59:00.290-04:00

2019-04-02T14:29:00.317-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97347 SECTRACK 1038201 CONFIRM https://nvidia.custhelp.com/app/answers/detail/a_id/4787 CONFIRM https://source.android.com/security/bulletin/2017-04-01.html An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0331

2017-05-02T17:59:00.260-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 98150 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0332

2017-04-05T10:59:00.323-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0333

2017-03-07T20:59:00.487-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96723 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33899363. References: N-CVE-2017-0333.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0334

2017-03-07T20:59:00.517-05:00

2017-07-17T09:18:11.500-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. References: N-CVE-2017-0334.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0335

2017-03-07T20:59:00.547-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0336

2017-03-07T20:59:00.580-05:00

2017-07-17T09:18:11.627-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0337

2017-03-07T20:59:00.597-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0338

2017-03-07T20:59:00.643-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0339

2017-04-05T10:59:00.337-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97333 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01.html An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-27930566. References: N-CVE-2017-0339.

cpe:/o:google:android:7.1.2

CVE-2017-0340

2017-07-07T10:29:00.267-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-12T15:08:47.730-04:00

BID 99477 CONFIRM https://source.android.com/security/bulletin/2017-07-01 An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0341

2017-05-09T17:29:00.160-04:00

2017-05-17T14:58:25.187-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:52:41.007-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0342

2017-05-09T17:29:00.190-04:00

2017-05-17T15:01:40.067-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:49:33.407-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0343

2017-05-09T17:29:00.237-04:00

2017-05-17T15:05:33.010-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:48:55.670-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0344

2017-05-09T17:29:00.300-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:51:43.833-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0345

2017-05-09T17:29:00.333-04:00

2017-05-17T15:08:48.990-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:50:15.237-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0346

2017-05-09T17:29:00.377-04:00

2017-05-24T21:29:00.697-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 BID 98503 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0347

2017-05-09T17:29:00.410-04:00

2017-05-17T15:22:38.357-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:52:11.647-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0348

2017-05-09T17:29:00.457-04:00

2017-05-17T15:22:51.187-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:27:58.550-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0349

2017-05-09T17:29:00.503-04:00

2017-05-24T21:29:00.757-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 BID 98513 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0350

2017-05-09T17:29:00.537-04:00

2017-06-04T21:29:00.287-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 BID 98490 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0351

2017-05-09T17:29:00.567-04:00

2017-06-04T21:29:00.333-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 BID 98497 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0352

2017-05-09T17:29:00.597-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 BID 98517 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0353

2017-05-09T17:29:00.627-04:00

2017-05-17T15:25:54.213-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:32:01.157-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0354

2017-05-09T17:29:00.660-04:00

2017-05-17T15:26:10.543-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-17T14:44:10.567-04:00

CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.

cpe:/a:nvidia:gpu_driver:-

CVE-2017-0355

2017-05-09T17:29:00.690-04:00

2017-05-24T21:29:00.883-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4462 BID 98516 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.

cpe:/a:ikiwiki:ikiwiki:1.0 cpe:/a:ikiwiki:ikiwiki:1.1 cpe:/a:ikiwiki:ikiwiki:1.1.47 cpe:/a:ikiwiki:ikiwiki:1.2 cpe:/a:ikiwiki:ikiwiki:1.3 cpe:/a:ikiwiki:ikiwiki:1.4 cpe:/a:ikiwiki:ikiwiki:1.5 cpe:/a:ikiwiki:ikiwiki:1.6 cpe:/a:ikiwiki:ikiwiki:1.7 cpe:/a:ikiwiki:ikiwiki:1.8 cpe:/a:ikiwiki:ikiwiki:1.9 cpe:/a:ikiwiki:ikiwiki:1.10 cpe:/a:ikiwiki:ikiwiki:1.11 cpe:/a:ikiwiki:ikiwiki:1.12 cpe:/a:ikiwiki:ikiwiki:1.13 cpe:/a:ikiwiki:ikiwiki:1.14 cpe:/a:ikiwiki:ikiwiki:1.15 cpe:/a:ikiwiki:ikiwiki:1.16 cpe:/a:ikiwiki:ikiwiki:1.17 cpe:/a:ikiwiki:ikiwiki:1.18 cpe:/a:ikiwiki:ikiwiki:1.19 cpe:/a:ikiwiki:ikiwiki:1.20 cpe:/a:ikiwiki:ikiwiki:1.21 cpe:/a:ikiwiki:ikiwiki:1.22 cpe:/a:ikiwiki:ikiwiki:1.23 cpe:/a:ikiwiki:ikiwiki:1.24 cpe:/a:ikiwiki:ikiwiki:1.25 cpe:/a:ikiwiki:ikiwiki:1.26 cpe:/a:ikiwiki:ikiwiki:1.27 cpe:/a:ikiwiki:ikiwiki:1.28 cpe:/a:ikiwiki:ikiwiki:1.29 cpe:/a:ikiwiki:ikiwiki:1.30 cpe:/a:ikiwiki:ikiwiki:1.31 cpe:/a:ikiwiki:ikiwiki:1.32 cpe:/a:ikiwiki:ikiwiki:1.33.3 cpe:/a:ikiwiki:ikiwiki:1.34 cpe:/a:ikiwiki:ikiwiki:1.34.1 cpe:/a:ikiwiki:ikiwiki:1.34.2 cpe:/a:ikiwiki:ikiwiki:1.35 cpe:/a:ikiwiki:ikiwiki:1.36 cpe:/a:ikiwiki:ikiwiki:1.37 cpe:/a:ikiwiki:ikiwiki:1.38 cpe:/a:ikiwiki:ikiwiki:1.39 cpe:/a:ikiwiki:ikiwiki:1.40 cpe:/a:ikiwiki:ikiwiki:1.41 cpe:/a:ikiwiki:ikiwiki:1.42 cpe:/a:ikiwiki:ikiwiki:1.43 cpe:/a:ikiwiki:ikiwiki:1.44 cpe:/a:ikiwiki:ikiwiki:1.45 cpe:/a:ikiwiki:ikiwiki:1.46 cpe:/a:ikiwiki:ikiwiki:1.47 cpe:/a:ikiwiki:ikiwiki:1.48 cpe:/a:ikiwiki:ikiwiki:1.49 cpe:/a:ikiwiki:ikiwiki:1.50 cpe:/a:ikiwiki:ikiwiki:1.51 cpe:/a:ikiwiki:ikiwiki:2.0 cpe:/a:ikiwiki:ikiwiki:2.1 cpe:/a:ikiwiki:ikiwiki:2.2 cpe:/a:ikiwiki:ikiwiki:2.3 cpe:/a:ikiwiki:ikiwiki:2.4 cpe:/a:ikiwiki:ikiwiki:2.5 cpe:/a:ikiwiki:ikiwiki:2.6 cpe:/a:ikiwiki:ikiwiki:2.6.1 cpe:/a:ikiwiki:ikiwiki:2.7 cpe:/a:ikiwiki:ikiwiki:2.8 cpe:/a:ikiwiki:ikiwiki:2.9 cpe:/a:ikiwiki:ikiwiki:2.10 cpe:/a:ikiwiki:ikiwiki:2.11 cpe:/a:ikiwiki:ikiwiki:2.12 cpe:/a:ikiwiki:ikiwiki:2.13 cpe:/a:ikiwiki:ikiwiki:2.14 cpe:/a:ikiwiki:ikiwiki:2.15 cpe:/a:ikiwiki:ikiwiki:2.16 cpe:/a:ikiwiki:ikiwiki:2.17 cpe:/a:ikiwiki:ikiwiki:2.18 cpe:/a:ikiwiki:ikiwiki:2.19 cpe:/a:ikiwiki:ikiwiki:2.20 cpe:/a:ikiwiki:ikiwiki:2.30 cpe:/a:ikiwiki:ikiwiki:2.31 cpe:/a:ikiwiki:ikiwiki:2.31.1 cpe:/a:ikiwiki:ikiwiki:2.31.2 cpe:/a:ikiwiki:ikiwiki:2.31.3 cpe:/a:ikiwiki:ikiwiki:2.40 cpe:/a:ikiwiki:ikiwiki:2.41 cpe:/a:ikiwiki:ikiwiki:2.42 cpe:/a:ikiwiki:ikiwiki:2.43 cpe:/a:ikiwiki:ikiwiki:2.44 cpe:/a:ikiwiki:ikiwiki:2.45 cpe:/a:ikiwiki:ikiwiki:2.46 cpe:/a:ikiwiki:ikiwiki:2.47 cpe:/a:ikiwiki:ikiwiki:2.48 cpe:/a:ikiwiki:ikiwiki:2.49 cpe:/a:ikiwiki:ikiwiki:2.50 cpe:/a:ikiwiki:ikiwiki:2.51 cpe:/a:ikiwiki:ikiwiki:2.52 cpe:/a:ikiwiki:ikiwiki:2.53 cpe:/a:ikiwiki:ikiwiki:2.54 cpe:/a:ikiwiki:ikiwiki:2.55 cpe:/a:ikiwiki:ikiwiki:2.56 cpe:/a:ikiwiki:ikiwiki:2.60 cpe:/a:ikiwiki:ikiwiki:2.61 cpe:/a:ikiwiki:ikiwiki:2.62 cpe:/a:ikiwiki:ikiwiki:2.62.1 cpe:/a:ikiwiki:ikiwiki:2.63 cpe:/a:ikiwiki:ikiwiki:2.64 cpe:/a:ikiwiki:ikiwiki:2.65 cpe:/a:ikiwiki:ikiwiki:2.66 cpe:/a:ikiwiki:ikiwiki:2.67 cpe:/a:ikiwiki:ikiwiki:2.68 cpe:/a:ikiwiki:ikiwiki:2.69 cpe:/a:ikiwiki:ikiwiki:2.70 cpe:/a:ikiwiki:ikiwiki:2.71 cpe:/a:ikiwiki:ikiwiki:2.72 cpe:/a:ikiwiki:ikiwiki:3.0 cpe:/a:ikiwiki:ikiwiki:3.01 cpe:/a:ikiwiki:ikiwiki:3.02 cpe:/a:ikiwiki:ikiwiki:3.03 cpe:/a:ikiwiki:ikiwiki:3.04 cpe:/a:ikiwiki:ikiwiki:3.05 cpe:/a:ikiwiki:ikiwiki:3.06 cpe:/a:ikiwiki:ikiwiki:3.07 cpe:/a:ikiwiki:ikiwiki:3.08 cpe:/a:ikiwiki:ikiwiki:3.09 cpe:/a:ikiwiki:ikiwiki:3.10 cpe:/a:ikiwiki:ikiwiki:3.11 cpe:/a:ikiwiki:ikiwiki:3.12 cpe:/a:ikiwiki:ikiwiki:3.13 cpe:/a:ikiwiki:ikiwiki:3.14 cpe:/a:ikiwiki:ikiwiki:3.141 cpe:/a:ikiwiki:ikiwiki:3.1415 cpe:/a:ikiwiki:ikiwiki:3.14159 cpe:/a:ikiwiki:ikiwiki:3.141592 cpe:/a:ikiwiki:ikiwiki:3.1415926 cpe:/a:ikiwiki:ikiwiki:3.14159265 cpe:/a:ikiwiki:ikiwiki:3.20091009 cpe:/a:ikiwiki:ikiwiki:3.20091017 cpe:/a:ikiwiki:ikiwiki:3.20091022 cpe:/a:ikiwiki:ikiwiki:3.20091023 cpe:/a:ikiwiki:ikiwiki:3.20091031 cpe:/a:ikiwiki:ikiwiki:3.20091113 cpe:/a:ikiwiki:ikiwiki:3.20091202 cpe:/a:ikiwiki:ikiwiki:3.20091218 cpe:/a:ikiwiki:ikiwiki:3.20100102.3 cpe:/a:ikiwiki:ikiwiki:3.20100122 cpe:/a:ikiwiki:ikiwiki:3.20100212 cpe:/a:ikiwiki:ikiwiki:3.20100302 cpe:/a:ikiwiki:ikiwiki:3.20100312 cpe:/a:ikiwiki:ikiwiki:3.20100403 cpe:/a:ikiwiki:ikiwiki:3.20100427 cpe:/a:ikiwiki:ikiwiki:3.20100501 cpe:/a:ikiwiki:ikiwiki:3.20100504 cpe:/a:ikiwiki:ikiwiki:3.20100515 cpe:/a:ikiwiki:ikiwiki:3.20100518 cpe:/a:ikiwiki:ikiwiki:3.20100518.2 cpe:/a:ikiwiki:ikiwiki:3.20100610 cpe:/a:ikiwiki:ikiwiki:3.20100623 cpe:/a:ikiwiki:ikiwiki:3.20100722 cpe:/a:ikiwiki:ikiwiki:3.20100804 cpe:/a:ikiwiki:ikiwiki:3.20100815 cpe:/a:ikiwiki:ikiwiki:3.20100831 cpe:/a:ikiwiki:ikiwiki:3.20100926 cpe:/a:ikiwiki:ikiwiki:3.20101019 cpe:/a:ikiwiki:ikiwiki:3.20101023 cpe:/a:ikiwiki:ikiwiki:3.20101112 cpe:/a:ikiwiki:ikiwiki:3.20101129 cpe:/a:ikiwiki:ikiwiki:3.20101201 cpe:/a:ikiwiki:ikiwiki:3.20101231 cpe:/a:ikiwiki:ikiwiki:3.20110105 cpe:/a:ikiwiki:ikiwiki:3.20110123 cpe:/a:ikiwiki:ikiwiki:3.20110124 cpe:/a:ikiwiki:ikiwiki:3.20110225 cpe:/a:ikiwiki:ikiwiki:3.20110321 cpe:/a:ikiwiki:ikiwiki:3.20160121 cpe:/a:ikiwiki:ikiwiki:3.20161219 cpe:/a:ikiwiki:ikiwiki:3.20161229 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0

CVE-2017-0356

2018-04-13T11:29:00.273-04:00

2018-05-18T11:40:11.987-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-05-16T11:43:01.820-04:00

BID 95420 CONFIRM https://ikiwiki.info/security/#cve-2017-0356 MLIST [oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters DEBIAN DSA-3760 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

cpe:/a:iucode-tool_project:iucode-tool:1.4 cpe:/a:iucode-tool_project:iucode-tool:1.5 cpe:/a:iucode-tool_project:iucode-tool:1.5.1 cpe:/a:iucode-tool_project:iucode-tool:1.5.2 cpe:/a:iucode-tool_project:iucode-tool:1.6 cpe:/a:iucode-tool_project:iucode-tool:1.6.1 cpe:/a:iucode-tool_project:iucode-tool:2.0 cpe:/a:iucode-tool_project:iucode-tool:2.1 cpe:/o:debian:debian_linux:9.0

CVE-2017-0357

2018-04-13T11:29:00.337-04:00

2018-05-18T10:39:08.447-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-05-15T13:16:37.923-04:00

BID 95432 CONFIRM https://gitlab.com/iucode-tool/iucode-tool/issues/3 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0357 A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.

cpe:/a:tuxera:ntfs-3g:2016.2.22 cpe:/o:debian:debian_linux:8.0

CVE-2017-0358

2018-04-13T11:29:00.397-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov MLIST [oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables BID 95987 MLIST [oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables GENTOO GLSA-201702-10 DEBIAN DSA-3780 EXPLOIT-DB 41240 EXPLOIT-DB 41356 Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

cpe:/a:diffoscope:diffoscope:77 cpe:/o:debian:debian_linux:9.0

CVE-2017-0359

2018-04-13T12:29:00.220-04:00

2019-10-02T20:03:26.223-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2018-05-16T11:13:41.167-04:00

CONFIRM https://bugs.debian.org/854723 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0359 diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

cpe:/a:tryton:tryton:3.0.0 cpe:/a:tryton:tryton:3.0.1 cpe:/a:tryton:tryton:3.0.2 cpe:/a:tryton:tryton:3.0.3 cpe:/a:tryton:tryton:3.0.4 cpe:/a:tryton:tryton:3.0.5 cpe:/a:tryton:tryton:3.0.6 cpe:/a:tryton:tryton:3.0.7 cpe:/a:tryton:tryton:3.0.8 cpe:/a:tryton:tryton:3.0.9 cpe:/a:tryton:tryton:3.0.10 cpe:/a:tryton:tryton:3.0.11 cpe:/a:tryton:tryton:3.0.12 cpe:/a:tryton:tryton:3.0.13 cpe:/a:tryton:tryton:3.0.14 cpe:/a:tryton:tryton:3.0.15 cpe:/a:tryton:tryton:3.0.16 cpe:/a:tryton:tryton:3.0.17 cpe:/a:tryton:tryton:3.2.0 cpe:/a:tryton:tryton:3.2.1 cpe:/a:tryton:tryton:3.2.2 cpe:/a:tryton:tryton:3.2.3 cpe:/a:tryton:tryton:3.2.4 cpe:/a:tryton:tryton:3.2.5 cpe:/a:tryton:tryton:3.2.6 cpe:/a:tryton:tryton:3.2.7 cpe:/a:tryton:tryton:3.2.8 cpe:/a:tryton:tryton:3.2.9 cpe:/a:tryton:tryton:3.2.10 cpe:/a:tryton:tryton:3.2.11 cpe:/a:tryton:tryton:3.2.12 cpe:/a:tryton:tryton:3.2.13 cpe:/a:tryton:tryton:3.2.14 cpe:/a:tryton:tryton:3.2.15 cpe:/a:tryton:tryton:3.2.16 cpe:/a:tryton:tryton:3.2.17 cpe:/a:tryton:tryton:3.4.0 cpe:/a:tryton:tryton:3.4.1 cpe:/a:tryton:tryton:3.4.2 cpe:/a:tryton:tryton:3.4.3 cpe:/a:tryton:tryton:3.4.4 cpe:/a:tryton:tryton:3.4.5 cpe:/a:tryton:tryton:3.4.6 cpe:/a:tryton:tryton:3.4.7 cpe:/a:tryton:tryton:3.4.8 cpe:/a:tryton:tryton:3.4.9 cpe:/a:tryton:tryton:3.4.10 cpe:/a:tryton:tryton:3.4.11 cpe:/a:tryton:tryton:3.4.12 cpe:/a:tryton:tryton:3.4.13 cpe:/a:tryton:tryton:3.4.14 cpe:/a:tryton:tryton:3.4.15 cpe:/a:tryton:tryton:3.4.16 cpe:/a:tryton:tryton:3.4.17 cpe:/a:tryton:tryton:3.6.0 cpe:/a:tryton:tryton:3.6.1 cpe:/a:tryton:tryton:3.6.2 cpe:/a:tryton:tryton:3.6.3 cpe:/a:tryton:tryton:3.6.4 cpe:/a:tryton:tryton:3.6.5 cpe:/a:tryton:tryton:3.6.6 cpe:/a:tryton:tryton:3.6.7 cpe:/a:tryton:tryton:3.6.8 cpe:/a:tryton:tryton:3.6.9 cpe:/a:tryton:tryton:3.6.10 cpe:/a:tryton:tryton:3.6.11 cpe:/a:tryton:tryton:3.6.12 cpe:/a:tryton:tryton:3.6.13 cpe:/a:tryton:tryton:3.6.14 cpe:/a:tryton:tryton:3.6.15 cpe:/a:tryton:tryton:3.6.16 cpe:/a:tryton:tryton:3.8.0 cpe:/a:tryton:tryton:3.8.1 cpe:/a:tryton:tryton:3.8.2 cpe:/a:tryton:tryton:3.8.3 cpe:/a:tryton:tryton:3.8.4 cpe:/a:tryton:tryton:3.8.5 cpe:/a:tryton:tryton:3.8.6 cpe:/a:tryton:tryton:3.8.7 cpe:/a:tryton:tryton:3.8.8 cpe:/a:tryton:tryton:3.8.9 cpe:/a:tryton:tryton:3.8.10 cpe:/a:tryton:tryton:3.8.11 cpe:/a:tryton:tryton:3.8.12 cpe:/a:tryton:tryton:3.8.13 cpe:/a:tryton:tryton:3.8.14 cpe:/a:tryton:tryton:4.0.0 cpe:/a:tryton:tryton:4.0.1 cpe:/a:tryton:tryton:4.0.2 cpe:/a:tryton:tryton:4.0.3 cpe:/a:tryton:tryton:4.0.4 cpe:/a:tryton:tryton:4.0.5 cpe:/a:tryton:tryton:4.0.6 cpe:/a:tryton:tryton:4.0.7 cpe:/a:tryton:tryton:4.0.8 cpe:/a:tryton:tryton:4.0.9 cpe:/a:tryton:tryton:4.2.0 cpe:/a:tryton:tryton:4.2.1 cpe:/a:tryton:tryton:4.2.2

CVE-2017-0360

2017-04-04T13:59:00.240-04:00

2019-10-02T20:03:26.223-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 DEBIAN DSA-3826 BID 97489 CONFIRM https://lists.debian.org/debian-security-announce/2017/msg00084.html file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.

cpe:/a:mediawiki:mediawiki:1.23.0 cpe:/a:mediawiki:mediawiki:1.23.0:rc0 cpe:/a:mediawiki:mediawiki:1.23.0:rc1 cpe:/a:mediawiki:mediawiki:1.23.0:rc2 cpe:/a:mediawiki:mediawiki:1.23.0:rc3 cpe:/a:mediawiki:mediawiki:1.23.1 cpe:/a:mediawiki:mediawiki:1.23.2 cpe:/a:mediawiki:mediawiki:1.23.3 cpe:/a:mediawiki:mediawiki:1.23.4 cpe:/a:mediawiki:mediawiki:1.23.5 cpe:/a:mediawiki:mediawiki:1.23.6 cpe:/a:mediawiki:mediawiki:1.23.7 cpe:/a:mediawiki:mediawiki:1.23.8 cpe:/a:mediawiki:mediawiki:1.23.9 cpe:/a:mediawiki:mediawiki:1.23.10 cpe:/a:mediawiki:mediawiki:1.23.11 cpe:/a:mediawiki:mediawiki:1.23.12 cpe:/a:mediawiki:mediawiki:1.23.13 cpe:/a:mediawiki:mediawiki:1.23.14 cpe:/a:mediawiki:mediawiki:1.23.15 cpe:/a:mediawiki:mediawiki:1.23.16 cpe:/a:mediawiki:mediawiki:1.27.0 cpe:/a:mediawiki:mediawiki:1.27.0:rc0 cpe:/a:mediawiki:mediawiki:1.27.0:rc1 cpe:/a:mediawiki:mediawiki:1.27.1 cpe:/a:mediawiki:mediawiki:1.28.0 cpe:/a:mediawiki:mediawiki:1.28.0:rc0 cpe:/a:mediawiki:mediawiki:1.28.0:rc1 cpe:/o:debian:debian_linux:7.0

CVE-2017-0361

2018-04-13T12:29:00.283-04:00

2018-05-14T13:09:55.187-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T08:03:42.710-04:00

SECTRACK 1039812 MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T125177 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0361 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

CVE-2017-0362

2018-04-13T12:29:00.347-04:00

2018-05-15T09:21:28.380-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2018-05-14T10:45:49.673-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T150044 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0362 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

CVE-2017-0363

2018-04-13T12:29:00.407-04:00

2018-05-14T11:20:23.850-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T10:43:02.070-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T109140 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0363 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

CVE-2017-0364

2018-04-13T12:29:00.470-04:00

2018-05-14T11:26:07.833-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T10:32:42.847-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T122209 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0364 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

CVE-2017-0365

2018-04-13T12:29:00.547-04:00

2018-05-14T10:42:51.913-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T09:35:38.820-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T144845 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0365 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

CVE-2017-0366

2018-04-13T12:29:00.610-04:00

2018-05-14T11:28:19.513-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T09:58:44.513-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T151735 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0366 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

cpe:/a:mediawiki:mediawiki:1.27.0 cpe:/a:mediawiki:mediawiki:1.27.0:rc0 cpe:/a:mediawiki:mediawiki:1.27.0:rc1 cpe:/a:mediawiki:mediawiki:1.27.1 cpe:/a:mediawiki:mediawiki:1.28.0 cpe:/a:mediawiki:mediawiki:1.28.0:rc0 cpe:/a:mediawiki:mediawiki:1.28.0:rc1 cpe:/o:debian:debian_linux:7.0

CVE-2017-0367

2018-04-13T12:29:00.673-04:00

2019-10-02T20:03:26.223-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2018-05-14T09:51:50.733-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T161453 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0367 Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

CVE-2017-0368

2018-04-13T12:29:00.737-04:00

2018-05-14T11:35:33.197-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T09:31:43.343-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T156184 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0368 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

CVE-2017-0369

2018-04-13T12:29:00.813-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T09:26:35.080-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T108138 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0369 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

CVE-2017-0370

2018-04-13T12:29:00.877-04:00

2018-05-14T11:41:14.303-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-05-14T09:18:01.107-04:00

MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 CONFIRM https://phabricator.wikimedia.org/T48143 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0370 Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

cpe:/a:mediawiki:mediawiki:1.23.15 cpe:/a:mediawiki:mediawiki:1.27.0 cpe:/a:mediawiki:mediawiki:1.27.1 cpe:/a:mediawiki:mediawiki:1.27.2 cpe:/a:mediawiki:mediawiki:1.28.0 cpe:/a:mediawiki:mediawiki:1.28.1 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:9.0

CVE-2017-0372

2018-04-13T12:29:00.940-04:00

2018-05-17T11:25:06.140-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-05-16T13:31:03.440-04:00

MISC https://bugs.debian.org/861585 MLIST [mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16 MLIST [mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2 CONFIRM https://phabricator.wikimedia.org/T158689 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0372 Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

cpe:/a:config-model_project:config-model:2.101

CVE-2017-0373

2017-05-23T14:29:00.180-04:00

2017-06-08T08:07:01.247-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-06-06T15:05:15.300-04:00

CONFIRM http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes CONFIRM https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0373 The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

cpe:/a:config-model_project:config-model:2.101

CVE-2017-0374

2017-05-23T14:29:00.240-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-06-06T15:03:46.450-04:00

CONFIRM http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes CONFIRM https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573 CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0374 lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.

cpe:/a:torproject:tor:0.0.2 cpe:/a:torproject:tor:0.0.2:pre13 cpe:/a:torproject:tor:0.0.2:pre14 cpe:/a:torproject:tor:0.0.2:pre15 cpe:/a:torproject:tor:0.0.2:pre16 cpe:/a:torproject:tor:0.0.2:pre17 cpe:/a:torproject:tor:0.0.2:pre18 cpe:/a:torproject:tor:0.0.2:pre19 cpe:/a:torproject:tor:0.0.2:pre20 cpe:/a:torproject:tor:0.0.2:pre21 cpe:/a:torproject:tor:0.0.2:pre22 cpe:/a:torproject:tor:0.0.2:pre23 cpe:/a:torproject:tor:0.0.2:pre24 cpe:/a:torproject:tor:0.0.2:pre25 cpe:/a:torproject:tor:0.0.2:pre26 cpe:/a:torproject:tor:0.0.2:pre27 cpe:/a:torproject:tor:0.0.2:pre8 cpe:/a:torproject:tor:0.0.3 cpe:/a:torproject:tor:0.0.4 cpe:/a:torproject:tor:0.0.5 cpe:/a:torproject:tor:0.0.6 cpe:/a:torproject:tor:0.0.6.1 cpe:/a:torproject:tor:0.0.6.2 cpe:/a:torproject:tor:0.0.7 cpe:/a:torproject:tor:0.0.7.1 cpe:/a:torproject:tor:0.0.7.2 cpe:/a:torproject:tor:0.0.7.3 cpe:/a:torproject:tor:0.0.8 cpe:/a:torproject:tor:0.0.8:pre1 cpe:/a:torproject:tor:0.0.8:pre2 cpe:/a:torproject:tor:0.0.8:pre3 cpe:/a:torproject:tor:0.0.8:rc1 cpe:/a:torproject:tor:0.0.8:rc2 cpe:/a:torproject:tor:0.0.8.1 cpe:/a:torproject:tor:0.0.9 cpe:/a:torproject:tor:0.0.9:pre1 cpe:/a:torproject:tor:0.0.9:pre2 cpe:/a:torproject:tor:0.0.9:pre3 cpe:/a:torproject:tor:0.0.9:pre4 cpe:/a:torproject:tor:0.0.9:pre5 cpe:/a:torproject:tor:0.0.9:pre6 cpe:/a:torproject:tor:0.0.9:rc1 cpe:/a:torproject:tor:0.0.9:rc2 cpe:/a:torproject:tor:0.0.9:rc3 cpe:/a:torproject:tor:0.0.9:rc4 cpe:/a:torproject:tor:0.0.9:rc5 cpe:/a:torproject:tor:0.0.9:rc6 cpe:/a:torproject:tor:0.0.9:rc7 cpe:/a:torproject:tor:0.0.9.1 cpe:/a:torproject:tor:0.0.9.2 cpe:/a:torproject:tor:0.0.9.3 cpe:/a:torproject:tor:0.0.9.4 cpe:/a:torproject:tor:0.0.9.5 cpe:/a:torproject:tor:0.0.9.6 cpe:/a:torproject:tor:0.0.9.7 cpe:/a:torproject:tor:0.0.9.8 cpe:/a:torproject:tor:0.0.9.9 cpe:/a:torproject:tor:0.0.9.10 cpe:/a:torproject:tor:0.1.0.1 cpe:/a:torproject:tor:0.1.0.2 cpe:/a:torproject:tor:0.1.0.4 cpe:/a:torproject:tor:0.1.0.5 cpe:/a:torproject:tor:0.1.0.6 cpe:/a:torproject:tor:0.1.0.7 cpe:/a:torproject:tor:0.1.0.9 cpe:/a:torproject:tor:0.1.0.10 cpe:/a:torproject:tor:0.1.0.11 cpe:/a:torproject:tor:0.1.0.12 cpe:/a:torproject:tor:0.1.0.13 cpe:/a:torproject:tor:0.1.0.14 cpe:/a:torproject:tor:0.1.0.15 cpe:/a:torproject:tor:0.1.0.16 cpe:/a:torproject:tor:0.1.0.17 cpe:/a:torproject:tor:0.1.1.1:alpha cpe:/a:torproject:tor:0.1.1.2:alpha cpe:/a:torproject:tor:0.1.1.4:alpha cpe:/a:torproject:tor:0.1.1.5:alpha cpe:/a:torproject:tor:0.1.1.6:alpha cpe:/a:torproject:tor:0.1.1.7:alpha cpe:/a:torproject:tor:0.1.1.8:alpha cpe:/a:torproject:tor:0.1.1.9:alpha cpe:/a:torproject:tor:0.1.1.10:alpha cpe:/a:torproject:tor:0.1.1.11:alpha cpe:/a:torproject:tor:0.1.1.12:alpha cpe:/a:torproject:tor:0.1.1.13:alpha cpe:/a:torproject:tor:0.1.1.14:alpha cpe:/a:torproject:tor:0.1.1.15 cpe:/a:torproject:tor:0.1.1.16 cpe:/a:torproject:tor:0.1.1.17 cpe:/a:torproject:tor:0.1.1.18 cpe:/a:torproject:tor:0.1.1.19 cpe:/a:torproject:tor:0.1.1.20 cpe:/a:torproject:tor:0.1.1.21 cpe:/a:torproject:tor:0.1.1.22 cpe:/a:torproject:tor:0.1.1.23 cpe:/a:torproject:tor:0.1.1.24 cpe:/a:torproject:tor:0.1.1.25 cpe:/a:torproject:tor:0.1.1.26 cpe:/a:torproject:tor:0.1.2.1:alpha cpe:/a:torproject:tor:0.1.2.2:alpha cpe:/a:torproject:tor:0.1.2.3:alpha cpe:/a:torproject:tor:0.1.2.4:alpha cpe:/a:torproject:tor:0.1.2.5:alpha cpe:/a:torproject:tor:0.1.2.6:alpha cpe:/a:torproject:tor:0.1.2.7:alpha cpe:/a:torproject:tor:0.1.2.8:beta cpe:/a:torproject:tor:0.1.2.9 cpe:/a:torproject:tor:0.1.2.10 cpe:/a:torproject:tor:0.1.2.11 cpe:/a:torproject:tor:0.1.2.12 cpe:/a:torproject:tor:0.1.2.13 cpe:/a:torproject:tor:0.1.2.14 cpe:/a:torproject:tor:0.1.2.15 cpe:/a:torproject:tor:0.1.2.16 cpe:/a:torproject:tor:0.1.2.17 cpe:/a:torproject:tor:0.1.2.18 cpe:/a:torproject:tor:0.1.2.19 cpe:/a:torproject:tor:0.2.0.1:alpha cpe:/a:torproject:tor:0.2.0.2:alpha cpe:/a:torproject:tor:0.2.0.3:alpha cpe:/a:torproject:tor:0.2.0.4:alpha cpe:/a:torproject:tor:0.2.0.5:alpha cpe:/a:torproject:tor:0.2.0.6:alpha cpe:/a:torproject:tor:0.2.0.7:alpha cpe:/a:torproject:tor:0.2.0.8:alpha cpe:/a:torproject:tor:0.2.0.9:alpha cpe:/a:torproject:tor:0.2.0.10:alpha cpe:/a:torproject:tor:0.2.0.11:alpha cpe:/a:torproject:tor:0.2.0.12:alpha cpe:/a:torproject:tor:0.2.0.13:alpha cpe:/a:torproject:tor:0.2.0.14:alpha cpe:/a:torproject:tor:0.2.0.15:alpha cpe:/a:torproject:tor:0.2.0.16:alpha cpe:/a:torproject:tor:0.2.0.17:alpha cpe:/a:torproject:tor:0.2.0.18:alpha cpe:/a:torproject:tor:0.2.0.19:alpha cpe:/a:torproject:tor:0.2.0.20 cpe:/a:torproject:tor:0.2.0.21 cpe:/a:torproject:tor:0.2.0.22 cpe:/a:torproject:tor:0.2.0.23 cpe:/a:torproject:tor:0.2.0.24 cpe:/a:torproject:tor:0.2.0.25 cpe:/a:torproject:tor:0.2.0.26 cpe:/a:torproject:tor:0.2.0.27 cpe:/a:torproject:tor:0.2.0.28 cpe:/a:torproject:tor:0.2.0.29 cpe:/a:torproject:tor:0.2.0.30 cpe:/a:torproject:tor:0.2.0.31 cpe:/a:torproject:tor:0.2.0.32 cpe:/a:torproject:tor:0.2.0.33 cpe:/a:torproject:tor:0.2.0.34 cpe:/a:torproject:tor:0.2.0.35 cpe:/a:torproject:tor:0.2.1.1:alpha cpe:/a:torproject:tor:0.2.1.2:alpha cpe:/a:torproject:tor:0.2.1.3:alpha cpe:/a:torproject:tor:0.2.1.4:alpha cpe:/a:torproject:tor:0.2.1.5:alpha cpe:/a:torproject:tor:0.2.1.6:alpha cpe:/a:torproject:tor:0.2.1.7:alpha cpe:/a:torproject:tor:0.2.1.8:alpha cpe:/a:torproject:tor:0.2.1.9:alpha cpe:/a:torproject:tor:0.2.1.10:alpha cpe:/a:torproject:tor:0.2.1.11:alpha cpe:/a:torproject:tor:0.2.1.12:alpha cpe:/a:torproject:tor:0.2.1.13:alpha cpe:/a:torproject:tor:0.2.1.14 cpe:/a:torproject:tor:0.2.1.15 cpe:/a:torproject:tor:0.2.1.16 cpe:/a:torproject:tor:0.2.1.17 cpe:/a:torproject:tor:0.2.1.18 cpe:/a:torproject:tor:0.2.1.19 cpe:/a:torproject:tor:0.2.1.20 cpe:/a:torproject:tor:0.2.1.21 cpe:/a:torproject:tor:0.2.1.22 cpe:/a:torproject:tor:0.2.1.23 cpe:/a:torproject:tor:0.2.1.24 cpe:/a:torproject:tor:0.2.1.25 cpe:/a:torproject:tor:0.2.1.26 cpe:/a:torproject:tor:0.2.1.27 cpe:/a:torproject:tor:0.2.1.28 cpe:/a:torproject:tor:0.2.1.29 cpe:/a:torproject:tor:0.2.1.30 cpe:/a:torproject:tor:0.2.1.31 cpe:/a:torproject:tor:0.2.1.32 cpe:/a:torproject:tor:0.2.2.1:alpha cpe:/a:torproject:tor:0.2.2.2:alpha cpe:/a:torproject:tor:0.2.2.3:alpha cpe:/a:torproject:tor:0.2.2.4:alpha cpe:/a:torproject:tor:0.2.2.5:alpha cpe:/a:torproject:tor:0.2.2.6:alpha cpe:/a:torproject:tor:0.2.2.7:alpha cpe:/a:torproject:tor:0.2.2.8:alpha cpe:/a:torproject:tor:0.2.2.9:alpha cpe:/a:torproject:tor:0.2.2.10:alpha cpe:/a:torproject:tor:0.2.2.11:alpha cpe:/a:torproject:tor:0.2.2.12:alpha cpe:/a:torproject:tor:0.2.2.13:alpha cpe:/a:torproject:tor:0.2.2.14:alpha cpe:/a:torproject:tor:0.2.2.15:alpha cpe:/a:torproject:tor:0.2.2.16:alpha cpe:/a:torproject:tor:0.2.2.17:alpha cpe:/a:torproject:tor:0.2.2.18 cpe:/a:torproject:tor:0.2.2.18:alpha cpe:/a:torproject:tor:0.2.2.19 cpe:/a:torproject:tor:0.2.2.19:alpha cpe:/a:torproject:tor:0.2.2.20 cpe:/a:torproject:tor:0.2.2.20:alpha cpe:/a:torproject:tor:0.2.2.21 cpe:/a:torproject:tor:0.2.2.21:alpha cpe:/a:torproject:tor:0.2.2.22 cpe:/a:torproject:tor:0.2.2.22:alpha cpe:/a:torproject:tor:0.2.2.23 cpe:/a:torproject:tor:0.2.2.23:alpha cpe:/a:torproject:tor:0.2.2.24 cpe:/a:torproject:tor:0.2.2.24:alpha cpe:/a:torproject:tor:0.2.2.25 cpe:/a:torproject:tor:0.2.2.25:alpha cpe:/a:torproject:tor:0.2.2.26 cpe:/a:torproject:tor:0.2.2.26:beta cpe:/a:torproject:tor:0.2.2.27 cpe:/a:torproject:tor:0.2.2.27:beta cpe:/a:torproject:tor:0.2.2.28 cpe:/a:torproject:tor:0.2.2.28:beta cpe:/a:torproject:tor:0.2.2.29 cpe:/a:torproject:tor:0.2.2.29:beta cpe:/a:torproject:tor:0.2.2.30 cpe:/a:torproject:tor:0.2.2.31 cpe:/a:torproject:tor:0.2.2.32 cpe:/a:torproject:tor:0.2.2.33 cpe:/a:torproject:tor:0.2.2.34 cpe:/a:torproject:tor:0.2.2.35 cpe:/a:torproject:tor:0.2.2.36 cpe:/a:torproject:tor:0.2.2.37 cpe:/a:torproject:tor:0.2.2.38 cpe:/a:torproject:tor:0.2.2.39 cpe:/a:torproject:tor:0.2.3 cpe:/a:torproject:tor:0.2.3.1:alpha cpe:/a:torproject:tor:0.2.3.2:alpha cpe:/a:torproject:tor:0.2.3.3:alpha cpe:/a:torproject:tor:0.2.3.4:alpha cpe:/a:torproject:tor:0.2.3.5:alpha cpe:/a:torproject:tor:0.2.3.6:alpha cpe:/a:torproject:tor:0.2.3.7:alpha cpe:/a:torproject:tor:0.2.3.8:alpha cpe:/a:torproject:tor:0.2.3.9:alpha cpe:/a:torproject:tor:0.2.3.10:alpha cpe:/a:torproject:tor:0.2.3.11:alpha cpe:/a:torproject:tor:0.2.3.12:alpha cpe:/a:torproject:tor:0.2.3.13:alpha cpe:/a:torproject:tor:0.2.3.14:alpha cpe:/a:torproject:tor:0.2.3.15:alpha cpe:/a:torproject:tor:0.2.3.16:alpha cpe:/a:torproject:tor:0.2.3.17:beta cpe:/a:torproject:tor:0.2.3.18 cpe:/a:torproject:tor:0.2.3.18:rc cpe:/a:torproject:tor:0.2.3.19 cpe:/a:torproject:tor:0.2.3.19:rc cpe:/a:torproject:tor:0.2.3.20 cpe:/a:torproject:tor:0.2.3.20:rc cpe:/a:torproject:tor:0.2.3.21 cpe:/a:torproject:tor:0.2.3.21:rc cpe:/a:torproject:tor:0.2.3.22 cpe:/a:torproject:tor:0.2.3.22:rc cpe:/a:torproject:tor:0.2.3.23 cpe:/a:torproject:tor:0.2.3.23:rc cpe:/a:torproject:tor:0.2.3.24 cpe:/a:torproject:tor:0.2.3.24:rc cpe:/a:torproject:tor:0.2.3.25 cpe:/a:torproject:tor:0.2.4.1:alpha cpe:/a:torproject:tor:0.2.4.2:alpha cpe:/a:torproject:tor:0.2.4.3:alpha cpe:/a:torproject:tor:0.2.4.4:alpha cpe:/a:torproject:tor:0.2.4.5:alpha cpe:/a:torproject:tor:0.2.4.6:alpha cpe:/a:torproject:tor:0.2.4.7:alpha cpe:/a:torproject:tor:0.2.4.8:alpha cpe:/a:torproject:tor:0.2.4.9:alpha cpe:/a:torproject:tor:0.2.4.10:alpha cpe:/a:torproject:tor:0.2.4.11:alpha cpe:/a:torproject:tor:0.2.4.12:alpha cpe:/a:torproject:tor:0.2.4.13:alpha cpe:/a:torproject:tor:0.2.4.14:alpha cpe:/a:torproject:tor:0.2.4.15 cpe:/a:torproject:tor:0.2.4.15:rc cpe:/a:torproject:tor:0.2.4.16 cpe:/a:torproject:tor:0.2.4.16:rc cpe:/a:torproject:tor:0.2.4.17 cpe:/a:torproject:tor:0.2.4.17:rc cpe:/a:torproject:tor:0.2.4.18 cpe:/a:torproject:tor:0.2.4.18:rc cpe:/a:torproject:tor:0.2.4.19 cpe:/a:torproject:tor:0.2.4.20 cpe:/a:torproject:tor:0.2.4.21 cpe:/a:torproject:tor:0.2.4.21:alpha cpe:/a:torproject:tor:0.2.4.22 cpe:/a:torproject:tor:0.2.4.22:alpha cpe:/a:torproject:tor:0.2.4.23 cpe:/a:torproject:tor:0.2.4.23:alpha cpe:/a:torproject:tor:0.2.4.24 cpe:/a:torproject:tor:0.2.4.25 cpe:/a:torproject:tor:0.2.4.26 cpe:/a:torproject:tor:0.2.4.27 cpe:/a:torproject:tor:0.2.4.28 cpe:/a:torproject:tor:0.2.4.29 cpe:/a:torproject:tor:0.2.5.1:alpha cpe:/a:torproject:tor:0.2.5.2:alpha cpe:/a:torproject:tor:0.2.5.3:alpha cpe:/a:torproject:tor:0.2.5.4:alpha cpe:/a:torproject:tor:0.2.5.5:alpha cpe:/a:torproject:tor:0.2.5.6:alpha cpe:/a:torproject:tor:0.2.5.7 cpe:/a:torproject:tor:0.2.5.8 cpe:/a:torproject:tor:0.2.5.9 cpe:/a:torproject:tor:0.2.5.10 cpe:/a:torproject:tor:0.2.5.11 cpe:/a:torproject:tor:0.2.5.12 cpe:/a:torproject:tor:0.2.5.13 cpe:/a:torproject:tor:0.2.5.14 cpe:/a:torproject:tor:0.2.6.1:alpha cpe:/a:torproject:tor:0.2.6.2:alpha cpe:/a:torproject:tor:0.2.6.3:alpha cpe:/a:torproject:tor:0.2.6.4 cpe:/a:torproject:tor:0.2.6.5 cpe:/a:torproject:tor:0.2.6.6 cpe:/a:torproject:tor:0.2.6.7 cpe:/a:torproject:tor:0.2.6.8 cpe:/a:torproject:tor:0.2.6.9 cpe:/a:torproject:tor:0.2.6.10 cpe:/a:torproject:tor:0.2.6.11 cpe:/a:torproject:tor:0.2.6.12 cpe:/a:torproject:tor:0.2.7.1:alpha cpe:/a:torproject:tor:0.2.7.2:alpha cpe:/a:torproject:tor:0.2.7.3 cpe:/a:torproject:tor:0.2.7.4 cpe:/a:torproject:tor:0.2.7.5 cpe:/a:torproject:tor:0.2.7.6 cpe:/a:torproject:tor:0.2.7.7 cpe:/a:torproject:tor:0.2.7.8 cpe:/a:torproject:tor:0.2.8.1:alpha cpe:/a:torproject:tor:0.2.8.2:alpha cpe:/a:torproject:tor:0.2.8.3:alpha cpe:/a:torproject:tor:0.2.8.4 cpe:/a:torproject:tor:0.2.8.5 cpe:/a:torproject:tor:0.2.8.6 cpe:/a:torproject:tor:0.2.8.7 cpe:/a:torproject:tor:0.2.8.8 cpe:/a:torproject:tor:0.2.8.9 cpe:/a:torproject:tor:0.2.8.10 cpe:/a:torproject:tor:0.2.8.11 cpe:/a:torproject:tor:0.2.8.12 cpe:/a:torproject:tor:0.2.8.13 cpe:/a:torproject:tor:0.2.8.14 cpe:/a:torproject:tor:0.2.9.0 cpe:/a:torproject:tor:0.2.9.0:alpha cpe:/a:torproject:tor:0.2.9.1:alpha cpe:/a:torproject:tor:0.2.9.2:alpha cpe:/a:torproject:tor:0.2.9.3:alpha cpe:/a:torproject:tor:0.2.9.4:alpha cpe:/a:torproject:tor:0.2.9.5:alpha cpe:/a:torproject:tor:0.2.9.6 cpe:/a:torproject:tor:0.2.9.8 cpe:/a:torproject:tor:0.2.9.9 cpe:/a:torproject:tor:0.2.9.10 cpe:/a:torproject:tor:0.2.9.11 cpe:/a:torproject:tor:0.2.9.13 cpe:/a:torproject:tor:0.2.9.14 cpe:/a:torproject:tor:0.2.9.15 cpe:/a:torproject:tor:0.2.9.16 cpe:/a:torproject:tor:0.2.9.17 cpe:/a:torproject:tor:0.3.0.0 cpe:/a:torproject:tor:0.3.0.1:- cpe:/a:torproject:tor:0.3.0.1:alpha cpe:/a:torproject:tor:0.3.0.2 cpe:/a:torproject:tor:0.3.0.2:alpha cpe:/a:torproject:tor:0.3.0.3 cpe:/a:torproject:tor:0.3.0.3:alpha cpe:/a:torproject:tor:0.3.0.4 cpe:/a:torproject:tor:0.3.0.4:rc cpe:/a:torproject:tor:0.3.0.5 cpe:/a:torproject:tor:0.3.0.5:rc cpe:/a:torproject:tor:0.3.0.6 cpe:/a:torproject:tor:0.3.0.7

CVE-2017-0375

2017-06-09T13:29:00.217-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-03-11T10:20:59.693-04:00

BID 99017 CONFIRM https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7 CONFIRM https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html CONFIRM https://trac.torproject.org/projects/tor/ticket/22493 The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

CVE-2017-0376

2017-06-09T13:29:00.263-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-03-11T10:22:10.677-04:00

DEBIAN DSA-3877 CONFIRM https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd CONFIRM https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html CONFIRM https://trac.torproject.org/projects/tor/ticket/22494 The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

cpe:/a:torproject:tor:0.3.0.1:alpha cpe:/a:torproject:tor:0.3.0.2:alpha cpe:/a:torproject:tor:0.3.0.3:alpha cpe:/a:torproject:tor:0.3.0.4 cpe:/a:torproject:tor:0.3.0.5 cpe:/a:torproject:tor:0.3.0.6 cpe:/a:torproject:tor:0.3.0.7 cpe:/a:torproject:tor:0.3.0.8

CVE-2017-0377

2017-07-02T11:29:00.187-04:00

2017-07-14T10:21:16.720-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-07T12:58:01.803-04:00

CONFIRM https://blog.torproject.org/blog/tor-0309-released-security-update-clients CONFIRM https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients CONFIRM https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350 CONFIRM https://security-tracker.debian.org/CVE-2017-0377 CONFIRM https://trac.torproject.org/projects/tor/ticket/22753 Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

cpe:/a:phamm:phamm:0.6.6

CVE-2017-0378

2017-07-20T13:29:00.143-04:00

2017-07-26T16:13:09.983-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-26T09:20:36.487-04:00

CONFIRM http://www.openwall.com/lists/oss-security/2017/07/20/3 CONFIRM http://www.phamm.org/docs/CHANGELOG BID 99927 CONFIRM https://bugs.debian.org/868988 CONFIRM https://github.com/lota/phamm/issues/21 XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.

cpe:/a:gnupg:libgcrypt:1.8.0 cpe:/o:debian:debian_linux:9.0

CVE-2017-0379

2017-08-29T18:29:00.173-04:00

2019-01-16T14:29:12.577-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html BID 100503 SECTRACK 1041294 MISC https://bugs.debian.org/873383 MISC https://eprint.iacr.org/2017/806 MISC https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b MISC https://lists.debian.org/debian-security-announce/2017/msg00221.html CONFIRM https://security.netapp.com/advisory/ntap-20180726-0002/ MISC https://security-tracker.debian.org/tracker/CVE-2017-0379 DEBIAN DSA-3959 CONFIRM https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

cpe:/a:torproject:tor:0.2.8.14 cpe:/a:torproject:tor:0.2.9.0 cpe:/a:torproject:tor:0.2.9.0:alpha cpe:/a:torproject:tor:0.2.9.1:alpha cpe:/a:torproject:tor:0.2.9.2:alpha cpe:/a:torproject:tor:0.2.9.3:alpha cpe:/a:torproject:tor:0.2.9.4:alpha cpe:/a:torproject:tor:0.2.9.5:alpha cpe:/a:torproject:tor:0.2.9.6 cpe:/a:torproject:tor:0.2.9.8 cpe:/a:torproject:tor:0.2.9.9 cpe:/a:torproject:tor:0.2.9.10 cpe:/a:torproject:tor:0.2.9.11 cpe:/a:torproject:tor:0.3.0.0 cpe:/a:torproject:tor:0.3.0.1:alpha cpe:/a:torproject:tor:0.3.0.2:alpha cpe:/a:torproject:tor:0.3.0.3:alpha cpe:/a:torproject:tor:0.3.0.4:rc cpe:/a:torproject:tor:0.3.0.5:rc cpe:/a:torproject:tor:0.3.0.6 cpe:/a:torproject:tor:0.3.0.7 cpe:/a:torproject:tor:0.3.0.8 cpe:/a:torproject:tor:0.3.0.9 cpe:/a:torproject:tor:0.3.0.10 cpe:/a:torproject:tor:0.3.1.1:alpha cpe:/a:torproject:tor:0.3.1.2:alpha cpe:/a:torproject:tor:0.3.1.3:alpha cpe:/a:torproject:tor:0.3.1.4:alpha cpe:/a:torproject:tor:0.3.1.5:alpha cpe:/a:torproject:tor:0.3.1.6:alpha cpe:/a:torproject:tor:0.3.2

CVE-2017-0380

2017-09-18T12:29:00.207-04:00

2017-11-05T21:29:00.663-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov DEBIAN DSA-3993 SECTRACK 1039519 CONFIRM https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486 CONFIRM https://trac.torproject.org/projects/tor/ticket/23490 The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.

cpe:/o:google:android:5.0 cpe:/o:google:android:5.0.1 cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1 cpe:/o:google:android:5.1.0 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0381

2017-01-12T15:59:01.953-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 95248 SECTRACK 1039427 CONFIRM https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7 GENTOO GLSA-201702-21 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html CONFIRM https://support.apple.com/HT208112 CONFIRM https://support.apple.com/HT208113 CONFIRM https://support.apple.com/HT208115 CONFIRM https://support.apple.com/HT208144 An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.

CVE-2017-0382

2017-01-12T15:59:02.000-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-01-18T13:42:58.380-05:00

BID 95247 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0383

2017-01-12T15:59:02.030-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:42:30.457-05:00

BID 95243 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614.

cpe:/o:google:android:4.0 cpe:/o:google:android:4.0.1 cpe:/o:google:android:4.0.2 cpe:/o:google:android:4.0.3 cpe:/o:google:android:4.0.4 cpe:/o:google:android:4.1 cpe:/o:google:android:4.1.2 cpe:/o:google:android:4.2 cpe:/o:google:android:4.2.1 cpe:/o:google:android:4.2.2 cpe:/o:google:android:4.3 cpe:/o:google:android:4.3.1 cpe:/o:google:android:4.4 cpe:/o:google:android:4.4.1 cpe:/o:google:android:4.4.2 cpe:/o:google:android:4.4.3 cpe:/o:google:android:4.4.4 cpe:/o:google:android:5.0 cpe:/o:google:android:5.0.1 cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1 cpe:/o:google:android:5.1.0 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0384

2017-01-12T15:59:02.063-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:41:54.457-05:00

BID 95239 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626.

CVE-2017-0385

2017-01-12T15:59:02.093-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:41:07.220-05:00

BID 95239 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400.

CVE-2017-0386

2017-01-12T15:59:02.123-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:40:28.920-05:00

BID 95256 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.

CVE-2017-0387

2017-01-12T15:59:02.157-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:35:37.857-05:00

BID 95258 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0388

2017-01-12T15:59:02.187-05:00

2017-01-17T21:59:19.330-05:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 95252 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0389

2017-01-12T15:59:02.203-05:00

2017-01-17T21:59:19.390-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 95251 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211.

CVE-2017-0390

2017-01-12T15:59:02.250-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:34:36.183-05:00

BID 95230 CONFIRM https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0391

2017-01-12T15:59:02.280-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 95230 SECTRACK 1038623 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258.

CVE-2017-0392

2017-01-12T15:59:02.343-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:33:36.587-05:00

BID 95230 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.

CVE-2017-0393

2017-01-12T15:59:02.373-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:33:09.270-05:00

BID 95230 CONFIRM https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.

CVE-2017-0394

2017-01-12T15:59:02.407-05:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-01-18T13:32:34.940-05:00

BID 95255 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213.

CVE-2017-0395

2017-01-12T15:59:02.437-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-01-18T13:23:21.937-05:00

BID 95261 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099.

CVE-2017-0396

2017-01-12T15:59:02.467-05:00

2017-01-18T12:24:36.530-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-01-18T12:08:40.457-05:00

BID 95232 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965.

CVE-2017-0397

2017-01-12T15:59:02.500-05:00

2017-01-18T11:16:47.550-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-01-18T10:42:14.707-05:00

BID 95232 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688.

cpe:/o:google:android:4.4.4 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0398

2017-01-13T11:59:01.403-05:00

2017-01-18T09:58:56.807-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-01-17T11:14:47.953-05:00

BID 95226 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.

CVE-2017-0399

2017-01-12T15:59:02.547-05:00

2019-03-12T14:07:06.760-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-03-11T13:31:52.630-04:00

BID 95226 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756.

cpe:/o:google:android:4.0 cpe:/o:google:android:4.0.1 cpe:/o:google:android:4.0.2 cpe:/o:google:android:4.0.3 cpe:/o:google:android:4.0.4 cpe:/o:google:android:4.1 cpe:/o:google:android:4.1.2 cpe:/o:google:android:4.2 cpe:/o:google:android:4.2.1 cpe:/o:google:android:4.2.2 cpe:/o:google:android:4.3 cpe:/o:google:android:4.3.1 cpe:/o:google:android:4.4 cpe:/o:google:android:4.4.1 cpe:/o:google:android:4.4.2 cpe:/o:google:android:4.4.3 cpe:/o:google:android:5.0 cpe:/o:google:android:5.0.1 cpe:/o:google:android:5.1 cpe:/o:google:android:5.1.0 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0

CVE-2017-0400

2017-01-12T15:59:02.577-05:00

2019-05-30T10:21:10.790-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-05-28T11:02:38.837-04:00

BID 95226 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.

CVE-2017-0401

2017-01-12T15:59:02.607-05:00

2019-03-12T14:07:03.433-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-03-11T13:34:53.287-04:00

BID 95226 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016.

CVE-2017-0402

2017-01-12T15:59:02.640-05:00

2019-03-12T09:27:36.590-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-03-11T12:01:31.987-04:00

BID 95226 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac CONFIRM https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0403

2017-01-12T15:59:02.687-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 95274 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402548.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0404

2017-01-12T15:59:02.717-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 95281 CONFIRM https://source.android.com/security/bulletin/2017-01-01.html An elevation of privilege vulnerability in the kernel sound subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32510733.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0405

2017-02-08T10:59:00.597-05:00

2017-07-24T21:29:04.280-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96048 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0406

2017-02-08T10:59:00.630-05:00

2017-07-24T21:29:04.327-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96046 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0407

2017-02-08T10:59:00.660-05:00

2017-07-24T21:29:04.373-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0408

2017-02-08T10:59:00.677-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96092 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0409

2017-02-08T10:59:00.723-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96091 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646.

CVE-2017-0410

2017-02-08T10:59:00.753-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96056 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0411

2017-02-08T10:59:00.787-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96056 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html EXPLOIT-DB 41354 An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0412

2017-02-08T10:59:00.800-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96056 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html EXPLOIT-DB 41355 An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0413

2017-02-08T10:59:00.833-05:00

2017-07-24T21:29:04.670-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96063 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0414

2017-02-08T10:59:00.863-05:00

2017-07-24T21:29:04.717-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0415

2017-02-08T10:59:00.893-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96089 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020.

CVE-2017-0416

2017-02-08T10:59:00.927-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96055 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609.

CVE-2017-0417

2017-02-08T10:59:00.957-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2017-0418

2017-02-08T10:59:00.987-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2017-0419

2017-02-08T10:59:01.020-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2017-0420

2017-02-08T10:59:01.050-05:00

2017-07-24T21:29:05.030-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96093 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.

CVE-2017-0421

2017-02-08T10:59:01.097-05:00

2017-07-24T21:29:05.077-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96096 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637.

CVE-2017-0422

2017-02-08T10:59:01.130-05:00

2017-07-24T21:29:05.123-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 96097 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088.

CVE-2017-0423

2017-02-08T10:59:01.160-05:00

2019-10-02T20:03:26.223-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96102 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0424

2017-02-08T10:59:01.190-05:00

2017-07-24T21:29:05.233-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96104 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450.

CVE-2017-0425

2017-02-08T10:59:01.223-05:00

2017-07-24T21:29:05.280-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96106 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0426

2017-02-08T10:59:01.253-05:00

2017-07-24T21:29:05.327-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96099 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0427

2017-02-08T10:59:01.317-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96071 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0428

2017-02-08T10:59:01.347-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561 BID 96070 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0429

2017-02-08T10:59:01.380-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0430

2017-02-08T10:59:01.410-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96065 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459.

cpe:/o:google:android:-

CVE-2017-0431

2018-04-05T14:29:00.317-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2018-04-16T08:24:17.843-04:00

BID 96068 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0432

2017-02-08T10:59:01.440-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96067 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0433

2017-02-08T10:59:01.473-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96061 SECTRACK 1037798 MISC https://alephsecurity.com/vulns/aleph-2016001 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0434

2017-02-08T10:59:01.487-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96061 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0435

2017-02-08T10:59:01.520-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96053 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0436

2017-02-08T10:59:01.550-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0437

2017-02-08T10:59:01.583-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96047 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0438

2017-02-08T10:59:01.613-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0439

2017-02-08T10:59:01.643-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96047 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html CONFIRM https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0440

2017-02-08T10:59:01.677-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0441

2017-02-08T10:59:01.707-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96047 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html CONFIRM https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0442

2017-02-08T10:59:01.737-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0443

2017-02-08T10:59:01.770-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96047 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html CONFIRM https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0444

2017-02-08T10:59:01.800-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96107 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0445

2017-02-08T10:59:01.833-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96054 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0446

2017-02-08T10:59:01.880-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0447

2017-02-08T10:59:01.927-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0448

2017-02-08T10:59:01.957-05:00

2017-07-24T21:29:06.373-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96105 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0449

2017-02-08T10:59:02.003-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96110 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094.

cpe:/o:google:android:7.1.1

CVE-2017-0450

2017-02-08T10:59:02.050-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96109 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0451

2017-02-08T10:59:02.067-05:00

2017-07-24T21:29:06.513-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96108 SECTRACK 1037798 CONFIRM https://source.android.com/security/bulletin/2017-02-01.html An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0452

2017-03-07T20:59:00.673-05:00

2017-07-17T09:18:11.767-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96836 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32873615. References: QC-CR#1093693.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0453

2017-03-07T20:59:00.707-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96735 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33979145. References: QC-CR#1105085.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0454

2017-04-07T18:59:00.167-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97399 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0455

2017-03-07T20:59:00.737-05:00

2017-07-17T09:18:11.877-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96812 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0456

2017-03-07T20:59:00.767-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96947 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33106520. References: QC-CR#1099598.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0457

2017-03-07T20:59:00.797-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96803 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31695439. References: QC-CR#1086123, QC-CR#1100695.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0458

2017-03-07T20:59:00.830-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96951 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4 An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0459

2017-03-07T20:59:00.860-05:00

2017-07-17T09:18:12.110-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96743 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18&id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0460

2017-03-07T20:59:00.907-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96948 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460 An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0461

2017-03-07T20:59:00.940-05:00

2017-07-17T09:18:12.217-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96743 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0462

2017-04-07T18:59:00.200-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0463

2017-03-07T20:59:00.970-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96948 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2 An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. References: QC-CR#1101792.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0464

2017-03-07T20:59:01.000-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96735 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0465

2017-05-12T11:29:00.940-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T10:37:15.697-04:00

BID 98184 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0466

2017-03-07T20:59:01.033-05:00

2017-07-17T09:18:12.377-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96717 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0467

2017-03-07T20:59:01.063-05:00

2017-07-17T09:18:12.453-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0468

2017-03-07T20:59:01.097-05:00

2017-07-17T09:18:12.500-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0469

2017-03-07T20:59:01.127-05:00

2017-07-17T09:18:12.563-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0470

2017-03-07T20:59:01.157-05:00

2017-07-17T09:18:12.627-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0471

2017-03-07T20:59:01.190-05:00

2017-07-17T09:18:12.673-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0472

2017-03-07T20:59:01.207-05:00

2017-07-17T09:18:12.733-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0473

2017-03-07T20:59:01.250-05:00

2017-07-17T09:18:12.780-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0474

2017-03-07T20:59:01.267-05:00

2017-07-17T09:18:12.827-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2017-0475

2017-03-07T20:59:01.297-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96716 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0476

2017-03-07T20:59:01.330-05:00

2017-07-17T09:18:12.953-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96756 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0477

2017-03-07T20:59:01.377-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96760 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647.

CVE-2017-0478

2017-03-07T20:59:01.407-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96762 SECTRACK 1037968 MISC https://github.com/JiounDai/CVE-2017-0478 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.

CVE-2017-0479

2017-03-07T20:59:01.457-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96958 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32707507.

CVE-2017-0480

2017-03-07T20:59:01.487-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2017-0481

2017-03-07T20:59:01.533-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96765 BID 96953 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0482

2017-03-07T20:59:01.563-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96733 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33090864.

CVE-2017-0483

2017-03-07T20:59:01.597-05:00

2017-07-17T09:18:13.377-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0484

2017-03-07T20:59:01.627-05:00

2017-07-17T09:18:13.423-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0485

2017-03-07T20:59:01.657-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0486

2017-03-07T20:59:01.690-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0487

2017-03-07T20:59:01.707-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0488

2017-03-07T20:59:01.737-05:00

2017-07-17T09:18:13.640-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2017-0489

2017-03-07T20:59:01.767-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96792 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0490

2017-03-07T20:59:01.813-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96790 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389.

CVE-2017-0491

2017-03-07T20:59:01.860-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96791 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32553261.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0492

2017-03-07T20:59:01.893-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96794 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0493

2017-05-12T11:29:00.987-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-19T13:51:02.207-04:00

BID 98140 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0494

2017-03-07T20:59:01.923-05:00

2017-07-17T09:18:13.907-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96789 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0495

2017-03-07T20:59:01.957-05:00

2017-07-17T09:18:13.970-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96796 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.

CVE-2017-0496

2017-03-07T20:59:01.987-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 96788 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0497

2017-03-07T20:59:02.017-05:00

2019-10-02T20:03:26.223-04:00

5.4

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96795 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701.

CVE-2017-0498

2017-03-07T20:59:02.047-05:00

2019-10-02T20:03:26.223-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 96793 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.

CVE-2017-0499

2017-03-07T20:59:02.080-05:00

2017-07-17T09:18:14.187-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96806 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.

cpe:/o:google:android:7.1.1

CVE-2017-0500

2017-03-07T20:59:02.110-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96726 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006.

cpe:/o:google:android:7.1.1

CVE-2017-0501

2017-03-07T20:59:02.143-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0502

2017-03-07T20:59:02.173-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0503

2017-03-07T20:59:02.207-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0504

2017-03-07T20:59:02.250-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0505

2017-03-07T20:59:02.283-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0506

2017-03-07T20:59:02.313-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0507

2017-03-07T20:59:02.347-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96952 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0508

2017-03-07T20:59:02.377-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:7.1.1

CVE-2017-0509

2017-03-07T20:59:02.407-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 94943 BID 96797 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0510

2017-03-07T20:59:02.440-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96800 SECTRACK 1037968 MISC https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/ CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0516

2017-03-07T20:59:02.470-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96802 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the Qualcomm input hardware driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32341680. References: QC-CR#1096301.

cpe:/o:google:android:7.1.1

CVE-2017-0517

2017-03-07T20:59:02.500-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96799 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32372051. References: M-ALPS02973195.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0518

2017-03-07T20:59:02.517-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96950 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#1086530.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0519

2017-03-07T20:59:02.563-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0520

2017-03-07T20:59:02.580-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96804 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0521

2017-03-07T20:59:02.627-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96951 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8 An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709.

cpe:/o:google:android:7.1.1

CVE-2017-0522

2017-03-07T20:59:02.657-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96798 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. References: M-ALPS03032516.

cpe:/o:google:android:7.1.1 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0523

2017-03-07T20:59:02.673-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96735 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0524

2017-03-07T20:59:02.720-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96808 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0525

2017-03-07T20:59:02.750-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96947 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://www.codeaurora.org/use-after-free-vulnerability-during-ipa-routing-commit-logic-cve-2017-0525 An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33139056. References: QC-CR#1097714.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0526

2017-03-07T20:59:02.783-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 96949 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33897738.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0527

2017-03-07T20:59:02.830-05:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0528

2017-03-07T20:59:02.893-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 96807 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-33351919.

cpe:/o:google:android:7.1.1

CVE-2017-0529

2017-03-07T20:59:02.923-05:00

2017-07-17T09:18:15.517-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96810 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0531

2017-03-07T20:59:02.957-05:00

2017-07-17T09:18:15.577-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96743 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469.

cpe:/o:google:android:7.1.1

CVE-2017-0532

2017-03-07T20:59:02.987-05:00

2017-07-17T09:18:15.627-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96834 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32370398. References: M-ALPS03069985.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0533

2017-03-07T20:59:03.017-05:00

2017-07-17T09:18:15.673-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96734 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0534

2017-03-07T20:59:03.047-05:00

2017-07-17T09:18:15.733-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0535

2017-03-07T20:59:03.080-05:00

2017-07-17T09:18:15.780-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96833 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0536

2017-03-07T20:59:03.110-05:00

2017-07-17T09:18:15.843-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96835 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0537

2017-03-07T20:59:03.127-05:00

2017-07-17T09:18:15.890-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 96831 SECTRACK 1037968 CONFIRM https://source.android.com/security/bulletin/2017-03-01 MISC https://source.android.com/security/bulletin/2017-03-01.html An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0538

2017-04-07T18:59:00.247-04:00

2017-07-10T21:33:26.813-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97330 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8 CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.

CVE-2017-0539

2017-04-07T18:59:00.277-04:00

2017-07-10T21:33:26.860-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97330 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254 CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.

CVE-2017-0540

2017-04-07T18:59:00.307-04:00

2017-07-12T21:29:01.327-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97330 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853 CONFIRM https://source.android.com/security/bulletin/2017-04-01 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.

CVE-2017-0541

2017-04-07T18:59:00.340-04:00

2017-07-10T21:33:26.970-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97330 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978 MISC https://github.com/JiounDai/CVE-2017-0541 CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0542

2017-04-07T18:59:00.370-04:00

2017-07-10T21:33:27.017-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97330 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0543

2017-04-07T18:59:00.403-04:00

2017-07-10T21:33:27.063-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97330 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.

CVE-2017-0544

2017-04-07T18:59:00.433-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97337 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879.

CVE-2017-0545

2017-04-07T18:59:00.467-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97346 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350.

CVE-2017-0546

2017-04-07T18:59:00.497-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97341 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.

CVE-2017-0547

2017-04-07T18:59:00.527-04:00

2017-07-10T21:33:27.267-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97338 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0548

2017-04-07T18:59:00.557-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97398 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0549

2017-04-07T18:59:00.573-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97336 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818508.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0550

2017-04-07T18:59:00.620-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97336 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51 CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0551

2017-04-07T18:59:00.653-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97336 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8 CONFIRM https://android.googlesource.com/platform/external/libavc/+/8b5fd8f24eba5dd19ab2f80ea11a9125aa882ae2 CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0552

2017-04-07T18:59:00.683-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97336 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf CONFIRM https://source.android.com/security/bulletin/2017-04-01 A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915.

CVE-2017-0553

2017-04-07T18:59:00.717-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb MLIST [libnl] 20170503 ANN: libnl 3.3.0 released BID 97340 SECTRACK 1038201 UBUNTU USN-3311-2 REDHAT RHSA-2017:2299 FEDORA FEDORA-2017-7a5363b41d FEDORA FEDORA-2017-34f6e70fdd CONFIRM https://source.android.com/security/bulletin/2017-04-01 UBUNTU USN-3311-1 An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.

CVE-2017-0554

2017-04-07T18:59:00.747-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 97343 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0555

2017-04-07T18:59:00.777-04:00

2017-07-10T21:33:27.657-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97332 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0556

2017-04-07T18:59:00.810-04:00

2017-07-10T21:33:27.707-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97332 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1

CVE-2017-0557

2017-04-07T18:59:00.840-04:00

2017-07-10T21:33:27.753-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97332 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.

CVE-2017-0558

2017-04-07T18:59:00.870-04:00

2017-07-10T21:33:27.800-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97332 SECTRACK 1038201 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.

CVE-2017-0559

2017-04-07T18:59:00.917-04:00

2017-07-10T21:33:27.847-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97352 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.

CVE-2017-0560

2017-04-07T18:59:00.950-04:00

2017-07-10T21:33:27.907-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97360 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0561

2017-04-07T18:59:00.967-04:00

2019-10-02T20:03:26.223-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 97367 SECTRACK 1038201 MLIST [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update CONFIRM https://source.android.com/security/bulletin/2017-04-01 EXPLOIT-DB 41805 EXPLOIT-DB 41806 A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.

cpe:/o:google:android:7.1.1

CVE-2017-0562

2017-04-07T18:59:00.997-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97345 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. References: M-ALPS02898189.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0563

2017-04-07T18:59:01.043-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://seclists.org/fulldisclosure/2017/May/19 BID 97342 SECTRACK 1038201 MISC https://alephsecurity.com/vulns/aleph-2017009 MISC https://github.com/alephsecurity/PoCs/tree/master/CVE-2017-0563 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0564

2017-04-07T18:59:01.073-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 97344 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 CONFIRM https://source.android.com/security/bulletin/2017-12-01 An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203.

cpe:/o:google:android:7.1.1

CVE-2017-0565

2017-04-07T18:59:01.107-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97349 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. References: M-ALPS02696516.

cpe:/o:google:android:7.1.1

CVE-2017-0566

2017-04-07T18:59:01.137-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97351 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0567

2017-04-07T18:59:01.167-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97331 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0568

2017-04-07T18:59:01.200-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0569

2017-04-07T18:59:01.230-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97331 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 EXPLOIT-DB 41808 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0570

2017-04-07T18:59:01.277-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0571

2017-04-07T18:59:01.293-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0572

2017-04-07T18:59:01.340-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0573

2017-04-07T18:59:01.370-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0574

2017-04-07T18:59:01.403-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0575

2017-04-07T18:59:01.433-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97403 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0576

2017-04-07T18:59:01.467-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97395 SECTRACK 1038201 MISC https://github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0577

2017-04-07T18:59:01.497-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97348 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951.

cpe:/o:google:android:7.1.1

CVE-2017-0578

2017-04-07T18:59:01.527-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97358 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0579

2017-04-07T18:59:01.560-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97339 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0580

2017-04-07T18:59:01.590-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97335 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0581

2017-04-07T18:59:01.607-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0582

2017-04-07T18:59:01.637-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97356 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0583

2017-04-07T18:59:01.683-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 97368 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0584

2017-04-07T18:59:01.717-04:00

2017-07-10T21:33:29.067-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97363 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0585

2017-04-07T18:59:01.747-04:00

2017-07-10T21:33:29.110-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97366 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0586

2017-04-07T18:59:01.763-04:00

2017-07-10T21:33:29.157-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97357 SECTRACK 1038201 CONFIRM https://source.android.com/security/bulletin/2017-04-01 An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0587

2017-05-12T11:29:01.017-04:00

2017-05-19T14:12:57.443-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T14:07:24.183-04:00

BID 98119 CONFIRM https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.

CVE-2017-0588

2017-05-12T11:29:01.063-04:00

2017-05-19T11:26:00.530-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T11:01:22.193-04:00

BID 98120 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.

CVE-2017-0589

2017-05-12T11:29:01.097-04:00

2017-05-19T13:47:35.213-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:30:32.350-04:00

BID 98122 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.

CVE-2017-0590

2017-05-12T11:29:01.143-04:00

2017-05-19T14:26:35.050-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T14:16:13.573-04:00

BID 98123 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0591

2017-05-12T11:29:01.190-04:00

2017-05-19T13:39:10.083-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:20:50.740-04:00

BID 98124 CONFIRM https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.

CVE-2017-0592

2017-05-12T11:29:01.220-04:00

2017-05-19T11:26:49.830-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T10:57:46.817-04:00

BID 98125 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0593

2017-05-12T11:29:01.267-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:17:49.447-04:00

BID 98126 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.

CVE-2017-0594

2017-05-12T11:29:01.297-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T12:58:42.803-04:00

BID 98128 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.

CVE-2017-0595

2017-05-12T11:29:01.330-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T12:59:49.977-04:00

BID 98129 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.

CVE-2017-0596

2017-05-12T11:29:01.377-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T11:12:59.677-04:00

BID 98130 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.

CVE-2017-0597

2017-05-12T11:29:01.423-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:05:27.877-04:00

BID 98131 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.

CVE-2017-0598

2017-05-12T11:29:01.453-04:00

2017-05-19T11:32:25.797-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-19T11:16:10.743-04:00

BID 98133 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0599

2017-05-12T11:29:01.487-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:10:36.860-04:00

BID 98134 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.

CVE-2017-0600

2017-05-12T11:29:01.533-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T12:57:17.973-04:00

CONFIRM https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0601

2017-05-12T11:29:01.563-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-19T13:22:55.563-04:00

BID 98137 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.

CVE-2017-0602

2017-05-12T11:29:01.610-04:00

2017-05-19T12:39:10.997-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-19T12:34:04.453-04:00

BID 98141 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.

CVE-2017-0603

2017-05-12T11:29:01.643-04:00

2019-10-02T20:03:26.223-04:00

5.4

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T10:40:13.927-04:00

BID 98143 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.

cpe:/o:google:android:7.1.2

CVE-2017-0604

2017-05-12T11:29:01.690-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98151 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.

CVE-2017-0605

2017-05-12T11:29:01.720-04:00

2017-10-03T21:29:00.713-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0606

2017-05-12T11:29:01.767-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:20:06.290-04:00

BID 98168 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0607

2017-05-12T11:29:01.813-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:20:33.773-04:00

BID 98171 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0608

2017-05-12T11:29:01.847-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:20:54.383-04:00

BID 98172 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0609

2017-05-12T11:29:01.877-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:21:15.260-04:00

BID 98174 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0610

2017-05-12T11:29:01.923-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:21:35.120-04:00

BID 98255 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0611

2017-05-12T11:29:01.953-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:21:55.200-04:00

BID 98177 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0612

2017-05-12T11:29:01.987-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:22:13.917-04:00

BID 98231 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0613

2017-05-12T11:29:02.017-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:22:29.950-04:00

BID 98186 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0614

2017-05-12T11:29:02.063-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:22:42.450-04:00

BID 98187 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.

cpe:/o:google:android:7.1.2

CVE-2017-0615

2017-05-12T11:29:02.097-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:53:12.777-04:00

BID 98188 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.

cpe:/o:google:android:7.1.2

CVE-2017-0616

2017-05-12T11:29:02.127-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T14:19:10.937-04:00

BID 98189 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.

cpe:/o:google:android:7.1.2

CVE-2017-0617

2017-05-12T11:29:02.157-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:57:36.677-04:00

BID 98190 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.

cpe:/o:google:android:7.1.2

CVE-2017-0618

2017-05-12T11:29:02.203-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98191 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.

cpe:/o:google:android:7.1.2 cpe:/o:linux:linux_kernel:3.10

CVE-2017-0619

2017-05-12T11:29:02.250-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98192 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.

cpe:/o:google:android:7.1.2 cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0620

2017-05-12T11:29:02.283-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:11:58.793-04:00

BID 98193 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0621

2017-05-12T11:29:02.313-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:23:00.653-04:00

BID 98196 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0622

2017-05-12T11:29:02.360-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:23:27.170-04:00

BID 98198 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0623

2017-05-12T11:29:02.407-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2017-05-18T22:23:44.733-04:00

BID 98199 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0624

2017-05-12T11:29:02.440-04:00

2017-05-19T09:01:22.417-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:25:51.720-04:00

BID 98200 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.

cpe:/o:google:android:7.1.2

CVE-2017-0625

2017-05-12T11:29:02.470-04:00

2017-05-24T21:29:01.103-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98201 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0626

2017-05-12T11:29:02.500-04:00

2017-05-19T09:10:09.513-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:26:08.550-04:00

BID 98202 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0627

2017-05-12T11:29:02.533-04:00

2018-06-15T21:29:01.287-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98205 CONFIRM https://source.android.com/security/bulletin/2017-05-01 UBUNTU USN-3674-1 UBUNTU USN-3674-2 An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0628

2017-05-12T11:29:02.580-04:00

2017-05-19T09:00:43.277-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:26:39.597-04:00

BID 98211 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0629

2017-05-12T11:29:02.627-04:00

2017-05-19T08:18:22.070-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:26:57.160-04:00

BID 98212 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0630

2017-05-12T11:29:02.657-04:00

2017-05-19T08:41:39.880-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:27:08.957-04:00

BID 98213 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0631

2017-05-12T11:29:02.690-04:00

2017-05-19T09:03:22.273-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:27:45.867-04:00

BID 98216 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0632

2017-05-12T11:29:02.720-04:00

2017-05-19T09:07:00.630-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:28:00.477-04:00

BID 98221 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0633

2017-05-12T11:29:02.797-04:00

2017-05-19T09:04:06.467-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:28:09.927-04:00

BID 98223 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0634

2017-05-12T11:29:02.830-04:00

2017-05-19T08:20:52.650-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-05-18T22:28:23.023-04:00

BID 98224 CONFIRM https://source.android.com/security/bulletin/2017-05-01 An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0635

2017-05-12T11:29:02.877-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-05-19T13:45:41.677-04:00

CONFIRM https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441 CONFIRM https://source.android.com/security/bulletin/2017-05-01 A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.

cpe:/o:google:android:7.1.2

CVE-2017-0636

2017-06-14T09:29:00.187-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98866 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0637

2017-06-14T09:29:00.233-04:00

2017-07-07T21:29:05.397-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98868 SECTRACK 1038623 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258 CONFIRM https://source.android.com/security/bulletin/2017-06-01 A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500.

cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0638

2017-06-14T09:29:00.277-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 98872 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0639

2017-06-14T09:29:00.293-04:00

2017-07-07T21:29:05.490-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98871 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1

CVE-2017-0640

2017-06-14T09:29:00.327-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98868 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467.

cpe:/o:google:android:4.4.4 cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0641

2017-06-14T09:29:00.357-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98868 SECTRACK 1038623 CONFIRM https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb CONFIRM https://source.android.com/security/bulletin/2017-06-01 A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0642

2017-06-14T09:29:00.387-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98868 SECTRACK 1038623 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d CONFIRM https://source.android.com/security/bulletin/2017-06-01 A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1

CVE-2017-0643

2017-06-14T09:29:00.420-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:4.4.4 cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1

CVE-2017-0644

2017-06-14T09:29:00.450-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0645

2017-06-14T09:29:00.483-04:00

2017-07-07T21:29:05.803-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98871 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.

CVE-2017-0646

2017-06-14T09:29:00.513-04:00

2017-07-07T21:29:05.850-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98871 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0647

2017-06-14T09:29:00.543-04:00

2017-07-07T21:29:05.897-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98877 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.

cpe:/o:linux:linux_kernel:3.10

CVE-2017-0648

2017-06-14T09:29:00.577-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 98875 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220.

cpe:/o:google:android:7.1.2

CVE-2017-0649

2017-06-14T09:29:00.607-04:00

2019-10-02T20:03:26.223-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov BID 98866 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283.

cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:3.18

CVE-2017-0650

2017-06-14T09:29:00.637-04:00

2017-07-07T21:29:06.037-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.

cpe:/o:linux:linux_kernel:3.18

CVE-2017-0651

2017-06-14T09:29:00.653-04:00

2017-07-07T21:29:06.083-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 98875 SECTRACK 1038623 CONFIRM https://source.android.com/security/bulletin/2017-06-01 An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815.

CVE-2017-0663

2017-06-14T09:29:00.687-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov DEBIAN DSA-3952 BID 98877 SECTRACK 1038623 GENTOO GLSA-201711-01 CONFIRM https://source.android.com/security/bulletin/2017-06-01 A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0664

2017-07-06T16:29:00.190-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:40:08.317-04:00

BID 99470 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278.

CVE-2017-0665

2017-07-06T16:29:00.237-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:41:54.353-04:00

BID 99470 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

CVE-2017-0666

2017-07-06T16:29:00.300-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:41:20.273-04:00

BID 99470 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0667

2017-07-06T16:29:00.410-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:40:51.210-04:00

CVE-2017-0668

2017-07-06T16:29:00.537-04:00

2017-07-11T09:55:22.740-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-11T08:48:11.447-04:00

BID 99470 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0669

2017-07-06T16:29:00.613-04:00

2017-07-11T09:55:15.520-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-11T08:47:36.947-04:00

BID 99470 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0670

2017-07-06T16:29:00.647-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:00:01.840-04:00

BID 99470 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177.

cpe:/o:google:android:4.4.4

CVE-2017-0671

2017-07-06T16:29:00.677-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:59:18.980-04:00

CONFIRM https://source.android.com/security/bulletin/2017-07-01 A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0672

2017-07-06T16:29:00.707-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T11:55:16.597-04:00

CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0673

2017-07-06T16:29:00.723-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:52:33.623-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0674

2017-07-06T16:29:00.753-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:51:59.327-04:00

cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0675

2017-07-06T16:29:00.787-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:51:23.480-04:00

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0676

2017-07-06T16:29:00.817-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:50:34.103-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0677

2017-07-06T16:29:00.847-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:49:50.760-04:00

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0678

2017-07-06T16:29:00.880-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:49:17.133-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0679

2017-07-06T16:29:00.910-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:48:55.850-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0680

2017-07-06T16:29:00.943-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:48:21.850-04:00

CVE-2017-0681

2017-07-06T16:29:00.987-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:47:43.050-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0682

2017-07-06T16:29:01.020-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:46:23.470-04:00

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0683

2017-07-06T16:29:01.050-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T11:46:03.830-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0684

2017-07-06T16:29:01.067-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T12:53:16.797-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0685

2017-07-06T16:29:01.113-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:47:49.677-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0686

2017-07-06T16:29:01.147-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:47:28.927-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0687

2017-08-18T13:29:01.403-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-20T20:10:49.573-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0688

2017-07-06T16:29:01.160-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:47:08.753-04:00

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0689

2017-07-06T16:29:01.193-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:46:37.080-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.

CVE-2017-0690

2017-07-06T16:29:01.223-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:46:16.657-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0691

2017-07-06T16:29:01.270-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:45:50.500-04:00

CVE-2017-0692

2017-07-06T16:29:01.317-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:45:30.407-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0693

2017-07-06T16:29:01.363-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:45:10.123-04:00

CVE-2017-0694

2017-07-06T16:29:01.397-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:44:50.217-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0695

2017-07-06T16:29:01.427-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:44:16.873-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0696

2017-07-06T16:29:01.473-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:42:40.947-04:00

CVE-2017-0697

2017-07-06T16:29:01.503-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:40:27.787-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0698

2017-07-06T16:29:01.537-04:00

2017-07-11T09:55:34.803-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-11T08:52:04.033-04:00

BID 99478 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0699

2017-07-06T16:29:01.567-04:00

2017-07-11T09:55:28.677-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-11T08:49:15.607-04:00

cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0700

2017-07-06T16:29:01.597-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T12:50:30.947-04:00

BID 99472 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138.

cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0701

2017-07-06T16:29:01.630-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T12:50:07.087-04:00

cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0702

2017-07-06T16:29:01.660-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T12:49:16.633-04:00

CVE-2017-0703

2017-07-06T16:29:01.693-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T12:54:50.660-04:00

BID 99472 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.

cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0704

2017-07-06T16:29:01.723-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T12:55:20.160-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0705

2017-07-06T16:29:01.753-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 99482 MISC https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-0705.c CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

cpe:/o:google:android:7.1.2

CVE-2017-0706

2017-07-06T16:29:01.787-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T13:01:50.430-04:00

BID 99482 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

cpe:/o:google:android:7.1.2

CVE-2017-0707

2017-07-06T16:29:01.817-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T13:16:29.573-04:00

BID 99474 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.

cpe:/o:google:android:7.1.2

CVE-2017-0708

2017-07-06T16:29:01.847-04:00

2017-07-11T11:24:17.800-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-10T13:14:48.660-04:00

BID 99474 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879.

cpe:/o:google:android:7.1.2

CVE-2017-0709

2017-07-06T16:29:01.880-04:00

2017-07-11T11:23:48.473-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-10T13:15:05.317-04:00

BID 99474 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.

cpe:/o:google:android:7.1.2

CVE-2017-0710

2017-07-06T16:29:01.910-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-10T13:17:20.327-04:00

BID 99468 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.

cpe:/o:google:android:7.1.2

CVE-2017-0711

2017-07-06T16:29:01.943-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-10T13:17:47.857-04:00

BID 99466 CONFIRM https://source.android.com/security/bulletin/2017-07-01 A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781.

CVE-2017-0712

2017-08-09T17:29:00.180-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:46:28.220-04:00

BID 100220 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.

CVE-2017-0713

2017-08-09T17:29:00.240-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:20:27.330-04:00

BID 100219 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.

CVE-2017-0714

2017-08-09T17:29:00.273-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:20:47.317-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0715

2017-08-09T17:29:00.320-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:29:21.380-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0716

2017-08-09T17:29:00.383-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:29:10.050-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0718

2017-08-09T17:29:00.413-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:28:51.847-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0719

2017-08-09T17:29:00.443-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:28:34.643-04:00

CVE-2017-0720

2017-08-09T17:29:00.477-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:28:20.843-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0721

2017-08-09T17:29:00.507-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:27:48.703-04:00

CVE-2017-0722

2017-08-09T17:29:00.537-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:23:56.007-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0723

2017-08-09T17:29:00.570-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:27:27.983-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0724

2017-08-09T17:29:00.600-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:27:14.403-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0725

2017-08-09T17:29:00.633-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:26:57.013-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.

CVE-2017-0726

2017-08-09T17:29:00.663-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:24:11.443-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0727

2017-08-09T17:29:00.693-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:55:28.977-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.

CVE-2017-0728

2017-08-09T17:29:00.727-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:26:42.573-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795.

CVE-2017-0729

2017-08-09T17:29:00.757-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:56:00.303-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0730

2017-08-09T17:29:00.787-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:31:57.487-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112.

CVE-2017-0731

2017-08-09T17:29:00.820-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:54:22.883-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0732

2017-08-09T17:29:00.850-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:56:38.447-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.

CVE-2017-0733

2017-08-09T17:29:00.883-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:31:44.077-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0734

2017-08-09T17:29:00.960-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:31:30.343-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0735

2017-08-09T17:29:01.023-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:31:19.357-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0736

2017-08-09T17:29:01.070-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:31:06.950-04:00

CVE-2017-0737

2017-08-09T17:29:01.087-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 UBUNTU USN-3692-2 A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.

CVE-2017-0738

2017-08-09T17:29:01.117-04:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-08-14T14:24:27.930-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.

CVE-2017-0739

2017-08-09T17:29:01.147-04:00

2017-08-15T10:27:52.997-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-08-14T14:30:55.107-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.

cpe:/o:google:android:7.1.2

CVE-2017-0740

2017-08-09T17:29:01.180-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T14:32:43.693-04:00

BID 100217 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402.

cpe:/o:google:android:7.1.2

CVE-2017-0741

2017-08-09T17:29:01.210-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:57:32.167-04:00

BID 100209 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.

cpe:/o:google:android:7.1.2

CVE-2017-0742

2017-08-09T17:29:01.240-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:57:11.087-04:00

BID 100209 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524.

cpe:/o:google:android:-

CVE-2017-0744

2018-04-05T14:29:00.377-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-04-16T08:23:03.670-04:00

BID 100210 CONFIRM https://source.android.com/security/bulletin/2017-08-01 An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.

CVE-2017-0745

2017-08-09T17:29:01.273-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-14T14:24:58.727-04:00

BID 100204 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.

cpe:/o:google:android:7.1.2

CVE-2017-0746

2017-08-09T17:29:01.303-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:53:48.833-04:00

BID 100213 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.

cpe:/o:google:android:7.1.2

CVE-2017-0747

2017-08-09T17:29:01.367-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-14T13:53:19.773-04:00

BID 100213 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.

cpe:/o:google:android:-

CVE-2017-0748

2018-04-05T14:29:00.427-04:00

2018-04-17T14:46:47.983-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-04-16T08:17:59.070-04:00

BID 100210 CONFIRM https://source.android.com/security/bulletin/2017-08-01 An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.

cpe:/o:google:android:7.1.2

CVE-2017-0749

2017-08-09T17:29:01.397-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 100215 MISC https://bugzilla.novell.com/show_bug.cgi?id=1053162 MISC https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.html MISC https://security-tracker.debian.org/tracker/CVE-2017-0749 CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.

cpe:/o:google:android:7.1.2

CVE-2017-0750

2017-08-09T17:29:01.430-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 100215 MISC https://bugzilla.novell.com/show_bug.cgi?id=1053160 MISC https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html MISC https://security-tracker.debian.org/tracker/CVE-2017-0750 CONFIRM https://source.android.com/security/bulletin/2017-08-01 UBUNTU USN-3583-1 UBUNTU USN-3583-2 A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.

cpe:/o:google:android:-

CVE-2017-0751

2018-04-05T14:29:00.533-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-04-16T08:14:39.380-04:00

BID 100210 CONFIRM https://source.android.com/security/bulletin/2017-08-01 An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.

CVE-2017-0752

2017-09-08T16:29:00.197-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-15T11:17:03.760-04:00

BID 100673 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0753

2017-09-08T16:29:00.243-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-15T11:15:35.617-04:00

BID 100650 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.

CVE-2017-0755

2017-09-08T16:29:00.273-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-15T11:14:33.740-04:00

BID 100650 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311.

CVE-2017-0756

2017-09-08T16:29:00.307-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T13:23:34.073-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0757

2017-09-08T16:29:00.337-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T13:24:21.933-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.

CVE-2017-0758

2017-09-08T16:29:00.367-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T14:01:09.357-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0759

2017-09-08T16:29:00.400-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T14:04:49.270-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0760

2017-09-08T16:29:00.430-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T14:05:21.773-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0761

2017-09-08T16:29:00.477-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T14:51:54.117-04:00

CVE-2017-0762

2017-09-08T16:29:00.507-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T20:52:56.177-04:00

CVE-2017-0763

2017-09-08T16:29:00.540-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T20:53:38.910-04:00

CVE-2017-0764

2017-09-08T16:29:00.570-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T13:36:12.680-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0765

2017-09-08T16:29:00.617-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T14:52:21.713-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863.

CVE-2017-0766

2017-09-08T16:29:00.650-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T20:54:03.333-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.

CVE-2017-0767

2017-09-08T16:29:00.680-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T20:59:11.840-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407.

CVE-2017-0768

2017-09-08T16:29:00.727-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T13:06:06.477-04:00

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0769

2017-09-08T16:29:00.757-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:03:18.990-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122.

CVE-2017-0770

2017-09-08T16:29:00.790-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:10:46.247-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0771

2017-09-08T16:29:00.820-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:15:52.153-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0772

2017-09-08T16:29:00.867-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:18:11.223-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.

CVE-2017-0773

2017-09-08T16:29:00.900-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:21:13.450-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.

CVE-2017-0774

2017-09-08T16:29:00.930-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:25:47.990-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.

CVE-2017-0775

2017-09-08T16:29:00.960-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-14T21:43:18.127-04:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0776

2017-09-08T16:29:01.007-04:00

2017-09-15T08:55:15.317-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-09-14T21:52:24.240-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.

CVE-2017-0777

2017-09-08T16:29:01.040-04:00

2017-09-15T08:54:58.553-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-09-14T21:53:59.210-04:00

CVE-2017-0778

2017-09-08T16:29:01.070-04:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

COMPLETE

http://nvd.nist.gov

2017-09-15T11:12:35.267-04:00

CVE-2017-0779

2017-09-08T16:29:01.103-04:00

2017-09-15T12:30:15.743-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-09-15T11:11:15.497-04:00

BID 100649 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0780

2017-09-08T16:29:01.150-04:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-15T11:00:47.090-04:00

BID 100674 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.

CVE-2017-0781

2017-09-14T15:29:00.190-04:00

2019-10-02T20:03:26.223-04:00

8.3

ADJACENT_NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html BID 100810 CONFIRM https://source.android.com/security/bulletin/2017-09-01 EXPLOIT-DB 44415 A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.

CVE-2017-0782

2017-09-14T15:29:00.237-04:00

2019-10-02T20:03:26.223-04:00

8.3

ADJACENT_NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html BID 100822 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.

CVE-2017-0783

2017-09-14T15:29:00.270-04:00

2018-01-18T13:18:08.073-05:00

6.1

ADJACENT_NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html BID 100811 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.

CVE-2017-0784

2017-09-08T16:29:01.180-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-15T11:09:38.163-04:00

BID 100671 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.

CVE-2017-0785

2017-09-14T15:29:00.317-04:00

2018-07-27T21:29:01.347-04:00

3.3

ADJACENT_NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html BID 100812 SECTRACK 1041300 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.

cpe:/o:google:android:7.1.2

CVE-2017-0786

2017-09-08T16:29:01.210-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-10T07:34:12.127-04:00

BID 100655 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.

cpe:/o:google:android:7.1.2

CVE-2017-0787

2017-09-08T16:29:01.243-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-10T07:34:07.297-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0788

2017-09-08T16:29:01.273-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-10T07:34:54.797-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0789

2017-09-08T16:29:01.320-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-10T07:35:12.440-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0790

2017-09-08T16:29:01.353-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-10T07:35:40.207-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0791

2017-09-08T16:29:01.383-04:00

2019-10-02T20:03:26.223-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-09-10T07:36:01.737-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0792

2017-09-08T16:29:01.413-04:00

2017-09-12T18:20:22.160-04:00

3.3

ADJACENT_NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-09-10T07:36:59.070-04:00

BID 100655 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.

cpe:/o:google:android:8.0

CVE-2017-0793

2017-09-08T16:29:01.460-04:00

2017-09-15T14:20:20.163-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

NONE

http://nvd.nist.gov

2017-09-15T10:57:03.550-04:00

BID 100670 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.

cpe:/o:google:android:8.0

CVE-2017-0794

2017-09-08T16:29:01.493-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 100667 CONFIRM https://source.android.com/security/bulletin/2017-09-01 UBUNTU USN-3798-1 UBUNTU USN-3798-2 A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.

cpe:/o:google:android:7.1.2

CVE-2017-0795

2017-09-08T16:29:01.523-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:26:48.417-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.

cpe:/o:google:android:7.1.2

CVE-2017-0796

2017-09-08T16:29:01.557-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:17:38.663-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.

cpe:/o:google:android:7.1.2

CVE-2017-0797

2017-09-08T16:29:01.587-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:17:58.617-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0798

2017-09-08T16:29:01.633-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:18:16.867-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532.

cpe:/o:google:android:7.1.2

CVE-2017-0799

2017-09-08T16:29:01.697-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:18:32.713-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.

cpe:/o:google:android:7.1.2

CVE-2017-0800

2017-09-08T16:29:01.743-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:18:49.167-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.

cpe:/o:google:android:7.1.2

CVE-2017-0801

2017-09-08T16:29:01.773-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-09-11T08:19:03.650-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980.

cpe:/o:google:android:7.1.2

CVE-2017-0802

2017-09-08T16:29:01.807-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-09-11T08:19:26.450-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0803

2017-09-08T16:29:01.837-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-09-11T08:19:37.417-04:00

cpe:/o:google:android:7.1.2

CVE-2017-0804

2017-09-08T16:29:01.900-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-09-11T08:20:30.497-04:00

BID 100652 CONFIRM https://source.android.com/security/bulletin/2017-09-01 A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.

CVE-2017-0805

2017-08-23T20:29:00.177-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-08-25T09:33:54.733-04:00

CONFIRM https://source.android.com/security/bulletin/2017-08-01 A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0806

2017-10-03T21:29:00.900-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T21:20:58.053-04:00

BID 101086 CONFIRM https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900 CONFIRM https://source.android.com/security/bulletin/2017-10-01 An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.

CVE-2017-0807

2017-10-03T21:29:00.947-04:00

2019-10-02T20:03:26.223-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-04-30T12:18:50.500-04:00

BID 101190 BID 102131 CONFIRM https://source.android.com/security/bulletin/2017-12-01 CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0808

2017-10-03T21:29:00.980-04:00

2017-10-12T09:30:01.063-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-11T21:31:44.233-04:00

BID 101190 CONFIRM https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924 CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.

CVE-2017-0809

2017-10-03T21:29:01.010-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T16:36:28.877-04:00

BID 101088 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790 CONFIRM https://source.android.com/security/bulletin/2017-10-01 A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0810

2017-10-03T21:29:01.043-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T21:23:58.700-04:00

BID 101088 CONFIRM https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a CONFIRM https://source.android.com/security/bulletin/2017-10-01 A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.

CVE-2017-0811

2017-10-03T21:29:01.090-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T21:18:53.563-04:00

BID 101088 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed CONFIRM https://source.android.com/security/bulletin/2017-10-01 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0812

2017-10-03T21:29:01.120-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T21:32:52.877-04:00

BID 101088 CONFIRM https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f CONFIRM https://source.android.com/security/bulletin/2017-10-01 An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0813

2017-10-03T21:29:01.150-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-10-11T21:34:06.143-04:00

BID 101151 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41 CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.

CVE-2017-0814

2017-10-03T21:29:01.230-04:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T21:36:28.537-04:00

BID 101151 CONFIRM https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47 CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.

CVE-2017-0815

2017-10-03T21:29:01.357-04:00

2017-10-12T09:58:46.340-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-11T21:07:32.627-04:00

BID 101088 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04 CONFIRM https://source.android.com/security/bulletin/2017-10-01 An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.

CVE-2017-0816

2017-10-03T21:29:01.400-04:00

2017-10-12T09:56:51.103-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-11T21:08:06.473-04:00

CVE-2017-0817

2017-10-03T21:29:01.433-04:00

2017-10-12T09:55:14.817-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-11T21:08:55.367-04:00

BID 101151 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0818

2017-10-03T21:29:01.497-04:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T14:55:00.260-04:00

BID 101151 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/d07f5c14e811951ff9b411ceb84e7288e0d04aaf CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0819

2017-10-03T21:29:01.590-04:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T14:54:35.120-04:00

BID 101151 CONFIRM https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9 CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.

CVE-2017-0820

2017-10-03T21:29:01.620-04:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T14:54:22.493-04:00

BID 101151 CONFIRM https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0822

2017-10-03T21:29:01.650-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-10-11T21:25:57.687-04:00

CONFIRM https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.

CVE-2017-0823

2017-10-03T21:29:01.697-04:00

2017-10-12T09:55:01.193-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-11T21:12:13.703-04:00

CONFIRM https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42 CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.

cpe:/o:google:android:8.0

CVE-2017-0824

2017-10-03T21:29:01.730-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-10-11T16:08:26.680-04:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.

cpe:/o:google:android:8.0

CVE-2017-0825

2017-10-03T21:29:01.760-04:00

2017-10-12T11:43:13.370-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-11T16:09:19.633-04:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.

cpe:/o:google:android:8.0

CVE-2017-0826

2017-10-03T21:29:01.823-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T16:19:03.763-04:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.

cpe:/o:google:android:8.0

CVE-2017-0827

2017-10-03T21:29:01.857-04:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-10-11T16:20:16.453-04:00

BID 101120 CONFIRM https://source.android.com/security/bulletin/2017-10-01 An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.

cpe:/o:google:android:8.0

CVE-2017-0828

2017-10-03T21:29:01.887-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-10-11T16:20:55.423-04:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.

cpe:/o:google:android:8.0

CVE-2017-0829

2017-10-03T21:29:01.933-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-10-11T16:05:04.030-04:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-10-01 An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0830

2017-11-16T18:29:00.303-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-11-26T15:22:40.400-05:00

BID 101775 CONFIRM https://source.android.com/security/bulletin/2017-11-01 An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.

cpe:/o:google:android:8.0

CVE-2017-0831

2017-11-16T18:29:00.397-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-11-26T16:25:08.900-05:00

BID 101775 CONFIRM https://source.android.com/security/bulletin/2017-11-01 An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0832

2017-11-16T18:29:00.460-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-11-26T15:49:00.333-05:00

BID 101717 CONFIRM https://source.android.com/security/bulletin/2017-11-01 A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0833

2017-11-16T18:29:00.490-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-11-26T15:46:45.537-05:00

BID 101717 CONFIRM https://source.android.com/security/bulletin/2017-11-01 A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0834

2017-11-16T18:29:00.537-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-11-26T15:40:00.700-05:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0835

2017-11-16T18:29:00.587-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-11-26T15:38:33.013-05:00

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0836

2017-11-16T18:29:00.617-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T10:36:18.220-05:00

BID 101717 CONFIRM https://source.android.com/security/bulletin/2017-11-01 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0837

2017-12-06T09:29:00.300-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T09:40:51.483-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0838

2017-11-16T18:29:00.647-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T13:09:01.253-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818.

CVE-2017-0839

2017-11-16T18:29:00.677-05:00

2017-12-07T16:07:36.323-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-05T13:05:20.890-05:00

BID 101717 CONFIRM https://source.android.com/security/bulletin/2017-11-01 An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.

CVE-2017-0840

2017-11-16T18:29:00.727-05:00

2017-12-07T16:07:44.950-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-05T13:02:33.820-05:00

BID 101717 CONFIRM https://source.android.com/security/bulletin/2017-11-01 An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.

CVE-2017-0841

2017-11-16T18:29:00.757-05:00

2019-10-02T20:03:26.223-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T13:07:47.607-05:00

BID 101718 CONFIRM https://source.android.com/security/bulletin/2017-11-01 A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0842

2017-11-16T18:29:00.787-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T10:34:25.407-05:00

BID 101718 CONFIRM https://source.android.com/security/bulletin/2017-11-01 An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.

cpe:/o:google:android

CVE-2017-0843

2017-11-16T18:29:00.837-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T10:17:51.467-05:00

CONFIRM https://source.android.com/security/bulletin/2017-11-01 An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.

CVE-2017-0845

2017-11-16T18:29:00.867-05:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-26T15:13:33.057-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0 cpe:/o:google:android:8.1

CVE-2017-0846

2018-01-12T18:29:00.233-05:00

2018-02-01T15:44:21.937-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-01-29T10:40:06.060-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2018-01-01 An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

cpe:/o:google:android:8.0

CVE-2017-0847

2017-11-16T18:29:00.897-05:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-26T15:51:42.117-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.

CVE-2017-0848

2017-11-16T18:29:00.927-05:00

2017-12-07T16:11:05.087-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-05T13:00:16.263-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0849

2017-11-16T18:29:00.977-05:00

2017-12-07T16:11:16.103-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-05T12:59:23.733-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0850

2017-11-16T18:29:01.007-05:00

2017-12-07T16:11:25.777-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-05T12:51:50.350-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.

cpe:/o:google:android:5.0 cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0851

2017-11-16T18:29:01.037-05:00

2017-12-07T16:11:34.337-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-05T12:51:07.817-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0

CVE-2017-0852

2017-11-16T18:29:01.070-05:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T12:47:50.703-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0853

2017-11-16T18:29:01.100-05:00

2019-10-02T20:03:26.223-04:00

8.5

NETWORK

LOW

NONE

PARTIAL

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T12:34:02.967-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0854

2017-11-16T18:29:01.147-05:00

2019-10-02T20:03:26.223-04:00

8.5

NETWORK

LOW

NONE

PARTIAL

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T12:33:34.263-05:00

cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0855

2018-01-12T18:29:00.267-05:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2018-01-29T11:03:24.313-05:00

BID 102414 SECTRACK 1040106 CONFIRM https://source.android.com/security/bulletin/2018-01-01 In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0857

2017-11-16T18:29:01.177-05:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T12:25:40.943-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0858

2017-11-16T18:29:01.227-05:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T10:31:12.107-05:00

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0859

2017-11-16T18:29:01.257-05:00

2019-10-02T20:03:26.223-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T12:22:43.637-05:00

cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2

CVE-2017-0860

2017-11-16T18:29:01.287-05:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-02-23T00:00:08.030-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064.

cpe:/o:google:android:-

CVE-2017-0861

2017-11-16T18:29:01.320-05:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov MLIST [secure-testing-commits] 20171206 r58306 - data/CVE BID 102329 REDHAT RHSA-2018:2390 REDHAT RHSA-2018:3083 REDHAT RHSA-2018:3096 CONFIRM https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229 CONFIRM https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 MLIST [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update CONFIRM https://security-tracker.debian.org/tracker/CVE-2017-0861 CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 UBUNTU USN-3583-1 UBUNTU USN-3583-2 UBUNTU USN-3617-1 UBUNTU USN-3617-2 UBUNTU USN-3617-3 UBUNTU USN-3619-1 UBUNTU USN-3619-2 UBUNTU USN-3632-1 DEBIAN DSA-4187 MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.

cpe:/o:google:android

CVE-2017-0862

2017-11-16T18:29:01.367-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-05T10:16:24.760-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.

cpe:/o:google:android

CVE-2017-0863

2017-11-16T18:29:01.397-05:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-12-05T10:01:20.917-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.

cpe:/o:google:android

CVE-2017-0864

2017-11-16T18:29:01.430-05:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-12-05T10:00:35.760-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.

cpe:/o:google:android

CVE-2017-0865

2017-11-16T18:29:01.477-05:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-12-05T09:57:42.967-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01 An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.

cpe:/o:nvidia:tegra_x1_firmware:-

CVE-2017-0866

2017-11-16T17:29:00.207-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-04T22:25:35.067-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-11-01#announcements An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866.

cpe:/o:google:android:-

CVE-2017-0869

2018-01-12T10:29:00.210-05:00

2018-02-01T15:45:42.453-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2018-01-29T10:55:11.883-05:00

BID 102374 SECTRACK 1040106 CONFIRM https://source.android.com/security/bulletin/2018-01-01 NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.

cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0870

2017-12-06T09:29:00.333-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T09:33:04.753-05:00

BID 102131 CONFIRM https://source.android.com/security/bulletin/2017-12-01 An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.

cpe:/o:google:android:8.0

CVE-2017-0871

2017-12-06T09:29:00.363-05:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T09:17:37.237-05:00

BID 102131 CONFIRM https://source.android.com/security/bulletin/2017-12-01 An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0872

2017-12-06T09:29:00.410-05:00

2017-12-19T09:39:50.153-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T08:45:41.537-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0873

2017-12-06T09:29:00.473-05:00

2017-12-19T09:38:32.230-05:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T09:14:53.900-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.

cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0874

2017-12-06T09:29:00.520-05:00

2017-12-19T09:38:59.447-05:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T09:12:16.890-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.

cpe:/o:google:android:6.0

CVE-2017-0876

2017-12-06T09:29:00.567-05:00

2017-12-19T09:43:01.797-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T08:44:16.503-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.

cpe:/o:google:android:6.0

CVE-2017-0877

2017-12-06T09:29:00.597-05:00

2017-12-19T09:43:10.767-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T08:43:00.283-05:00

cpe:/o:google:android:8.0

CVE-2017-0878

2017-12-06T09:29:00.630-05:00

2017-12-19T09:43:31.640-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-19T08:14:43.327-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.

cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0879

2017-12-06T09:29:00.677-05:00

2017-12-19T10:53:24.710-05:00

8.5

NETWORK

LOW

NONE

PARTIAL

NONE

COMPLETE

http://nvd.nist.gov

2017-12-18T10:11:59.700-05:00

CONFIRM https://source.android.com/security/bulletin/pixel/2017-12-01 An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.

cpe:/o:google:android:7.0 cpe:/o:google:android:7.1.1 cpe:/o:google:android:7.1.2 cpe:/o:google:android:8.0

CVE-2017-0880

2017-12-06T09:29:00.707-05:00

2019-10-02T20:03:26.223-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-12-15T15:02:55.897-05:00

BID 102126 CONFIRM https://source.android.com/security/bulletin/2017-12-01 A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012.

cpe:/a:zulip:zulip_server:1.1.5 cpe:/a:zulip:zulip_server:1.2.0:- cpe:/a:zulip:zulip_server:1.2.0:p1 cpe:/a:zulip:zulip_server:1.2.1 cpe:/a:zulip:zulip_server:1.3.0 cpe:/a:zulip:zulip_server:1.3.1 cpe:/a:zulip:zulip_server:1.3.2 cpe:/a:zulip:zulip_server:1.3.3 cpe:/a:zulip:zulip_server:1.3.4 cpe:/a:zulip:zulip_server:1.3.5 cpe:/a:zulip:zulip_server:1.3.6 cpe:/a:zulip:zulip_server:1.3.7 cpe:/a:zulip:zulip_server:1.3.8 cpe:/a:zulip:zulip_server:1.3.9 cpe:/a:zulip:zulip_server:1.3.10 cpe:/a:zulip:zulip_server:1.3.11 cpe:/a:zulip:zulip_server:1.3.12 cpe:/a:zulip:zulip_server:1.3.13 cpe:/a:zulip:zulip_server:1.4.0 cpe:/a:zulip:zulip_server:1.4.1 cpe:/a:zulip:zulip_server:1.4.2

CVE-2017-0881

2017-03-27T22:59:01.463-04:00

2019-10-09T19:21:06.807-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov BID 97159 MISC https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f MISC https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

cpe:/a:gitlab:gitlab:8.2.0 cpe:/a:gitlab:gitlab:8.2.1 cpe:/a:gitlab:gitlab:8.2.2 cpe:/a:gitlab:gitlab:8.2.3 cpe:/a:gitlab:gitlab:8.2.4 cpe:/a:gitlab:gitlab:8.2.5 cpe:/a:gitlab:gitlab:8.3.0 cpe:/a:gitlab:gitlab:8.3.8 cpe:/a:gitlab:gitlab:8.3.9 cpe:/a:gitlab:gitlab:8.4.0 cpe:/a:gitlab:gitlab:8.4.9 cpe:/a:gitlab:gitlab:8.4.10 cpe:/a:gitlab:gitlab:8.5.0 cpe:/a:gitlab:gitlab:8.5.11 cpe:/a:gitlab:gitlab:8.5.12 cpe:/a:gitlab:gitlab:8.6.0 cpe:/a:gitlab:gitlab:8.6.7 cpe:/a:gitlab:gitlab:8.6.8 cpe:/a:gitlab:gitlab:8.7.0 cpe:/a:gitlab:gitlab:8.7.1 cpe:/a:gitlab:gitlab:8.10.0 cpe:/a:gitlab:gitlab:8.10.12 cpe:/a:gitlab:gitlab:8.10.13 cpe:/a:gitlab:gitlab:8.11.0 cpe:/a:gitlab:gitlab:8.11.9 cpe:/a:gitlab:gitlab:8.11.10 cpe:/a:gitlab:gitlab:8.12.0 cpe:/a:gitlab:gitlab:8.12.7 cpe:/a:gitlab:gitlab:8.12.8 cpe:/a:gitlab:gitlab:8.13.0 cpe:/a:gitlab:gitlab:8.13.2 cpe:/a:gitlab:gitlab:8.13.3 cpe:/a:gitlab:gitlab:8.14.0 cpe:/a:gitlab:gitlab:8.14.1 cpe:/a:gitlab:gitlab:8.14.2 cpe:/a:gitlab:gitlab:8.14.3 cpe:/a:gitlab:gitlab:8.14.4 cpe:/a:gitlab:gitlab:8.14.5 cpe:/a:gitlab:gitlab:8.14.6 cpe:/a:gitlab:gitlab:8.15.0 cpe:/a:gitlab:gitlab:8.15.1 cpe:/a:gitlab:gitlab:8.15.2 cpe:/a:gitlab:gitlab:8.15.3 cpe:/a:gitlab:gitlab:8.15.4 cpe:/a:gitlab:gitlab:8.15.5 cpe:/a:gitlab:gitlab:8.15.6 cpe:/a:gitlab:gitlab:8.15.7 cpe:/a:gitlab:gitlab:8.16.0 cpe:/a:gitlab:gitlab:8.16.1 cpe:/a:gitlab:gitlab:8.16.2 cpe:/a:gitlab:gitlab:8.16.3 cpe:/a:gitlab:gitlab:8.16.4 cpe:/a:gitlab:gitlab:8.16.5 cpe:/a:gitlab:gitlab:8.16.6 cpe:/a:gitlab:gitlab:8.16.7 cpe:/a:gitlab:gitlab:8.17.0 cpe:/a:gitlab:gitlab:8.17.1 cpe:/a:gitlab:gitlab:8.17.2 cpe:/a:gitlab:gitlab:8.17.3

CVE-2017-0882

2017-03-27T22:59:01.497-04:00

2019-10-09T19:21:06.917-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov BID 97157 MISC https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ MISC https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1 MISC https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b MISC https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5 MISC https://gitlab.com/gitlab-org/gitlab-ce/issues/29661 Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

cpe:/a:nextcloud:nextcloud_server:9.0.54 cpe:/a:nextcloud:nextcloud_server:10.0.2

CVE-2017-0883

2017-04-05T16:59:00.197-04:00

2019-10-09T19:21:07.367-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/169680 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-001 Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.

cpe:/a:nextcloud:nextcloud:9.0.54 cpe:/a:nextcloud:nextcloud:10.0.2

CVE-2017-0884

2017-04-05T16:59:00.243-04:00

2019-10-09T19:21:07.540-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/169680 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-002 Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.

cpe:/a:nextcloud:nextcloud:9.0.54 cpe:/a:nextcloud:nextcloud:10.0.2

CVE-2017-0885

2017-04-05T16:59:00.273-04:00

2019-10-09T19:21:07.680-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/174524 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-003 Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.

cpe:/a:nextcloud:nextcloud:9.0.54 cpe:/a:nextcloud:nextcloud:10.0.2

CVE-2017-0886

2017-04-05T16:59:00.307-04:00

2019-10-09T19:21:07.820-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov MISC https://hackerone.com/reports/174524 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-004 Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.

cpe:/a:nextcloud:nextcloud:9.0.54 cpe:/a:nextcloud:nextcloud:10.0.2

CVE-2017-0887

2017-04-05T16:59:00.337-04:00

2019-10-09T19:21:07.963-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/173622 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-005 Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

cpe:/a:nextcloud:nextcloud:9.0.54 cpe:/a:nextcloud:nextcloud:10.0.2

CVE-2017-0888

2017-04-05T16:59:00.367-04:00

2017-04-10T21:59:02.703-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 97491 MISC https://hackerone.com/reports/179073 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-006 Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

cpe:/a:thoughtbot:paperclip:3.1.4::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.2.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.2.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.3.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.3.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.4.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.4.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.4.2::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.5.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.5.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.5.1.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.5.2::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.5.3::~~~ruby~~ cpe:/a:thoughtbot:paperclip:3.5.4::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.0.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.1.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.1.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.2.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.2.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.2.2::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.2.3::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.2.4::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.1::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.2::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.3::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.4::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.5::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.6::~~~ruby~~ cpe:/a:thoughtbot:paperclip:4.3.7::~~~ruby~~ cpe:/a:thoughtbot:paperclip:5.0.0::~~~ruby~~ cpe:/a:thoughtbot:paperclip:5.0.0:beta1:~~~ruby~~ cpe:/a:thoughtbot:paperclip:5.0.0:beta2:~~~ruby~~ cpe:/a:thoughtbot:paperclip:5.1.0::~~~ruby~~

CVE-2017-0889

2017-11-13T12:29:00.193-05:00

2019-10-09T19:21:08.150-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://github.com/thoughtbot/paperclip/pull/2435 MISC https://hackerone.com/reports/209430 MISC https://hackerone.com/reports/713 Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

cpe:/a:nextcloud:nextcloud:11.0.2

CVE-2017-0890

2017-05-08T16:29:00.163-04:00

2019-10-09T19:21:08.337-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/213227 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-007 Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

cpe:/a:nextcloud:nextcloud_server:1.0:rc1 cpe:/a:nextcloud:nextcloud_server:1.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:1.1 cpe:/a:nextcloud:nextcloud_server:2.0:beta3 cpe:/a:nextcloud:nextcloud_server:3.0 cpe:/a:nextcloud:nextcloud_server:3.0:alpha1 cpe:/a:nextcloud:nextcloud_server:3.0:rc1 cpe:/a:nextcloud:nextcloud_server:3.0.1 cpe:/a:nextcloud:nextcloud_server:4.0.0:beta cpe:/a:nextcloud:nextcloud_server:4.0.0:rc cpe:/a:nextcloud:nextcloud_server:4.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:4.0.1 cpe:/a:nextcloud:nextcloud_server:4.0.2 cpe:/a:nextcloud:nextcloud_server:4.0.3 cpe:/a:nextcloud:nextcloud_server:4.0.4 cpe:/a:nextcloud:nextcloud_server:4.0.5 cpe:/a:nextcloud:nextcloud_server:4.0.6 cpe:/a:nextcloud:nextcloud_server:4.0.7 cpe:/a:nextcloud:nextcloud_server:4.0.8 cpe:/a:nextcloud:nextcloud_server:4.0.9 cpe:/a:nextcloud:nextcloud_server:4.0.10 cpe:/a:nextcloud:nextcloud_server:4.0.11 cpe:/a:nextcloud:nextcloud_server:4.0.12 cpe:/a:nextcloud:nextcloud_server:4.0.13 cpe:/a:nextcloud:nextcloud_server:4.0.14 cpe:/a:nextcloud:nextcloud_server:4.0.15 cpe:/a:nextcloud:nextcloud_server:4.0.16 cpe:/a:nextcloud:nextcloud_server:4.5.0 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta1 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta2 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta3 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta4 cpe:/a:nextcloud:nextcloud_server:4.5.0:rc1 cpe:/a:nextcloud:nextcloud_server:4.5.0:rc2 cpe:/a:nextcloud:nextcloud_server:4.5.0:rc3 cpe:/a:nextcloud:nextcloud_server:4.5.1 cpe:/a:nextcloud:nextcloud_server:4.5.1:alpha cpe:/a:nextcloud:nextcloud_server:4.5.2 cpe:/a:nextcloud:nextcloud_server:4.5.3 cpe:/a:nextcloud:nextcloud_server:4.5.4 cpe:/a:nextcloud:nextcloud_server:4.5.5 cpe:/a:nextcloud:nextcloud_server:4.5.6 cpe:/a:nextcloud:nextcloud_server:4.5.7 cpe:/a:nextcloud:nextcloud_server:4.5.8 cpe:/a:nextcloud:nextcloud_server:4.5.9 cpe:/a:nextcloud:nextcloud_server:4.5.10 cpe:/a:nextcloud:nextcloud_server:4.5.10:rc1 cpe:/a:nextcloud:nextcloud_server:4.5.11 cpe:/a:nextcloud:nextcloud_server:4.5.12 cpe:/a:nextcloud:nextcloud_server:4.5.13 cpe:/a:nextcloud:nextcloud_server:5.0.0 cpe:/a:nextcloud:nextcloud_server:5.0.0:alpha1 cpe:/a:nextcloud:nextcloud_server:5.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:5.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:5.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:5.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:5.0.1 cpe:/a:nextcloud:nextcloud_server:5.0.2 cpe:/a:nextcloud:nextcloud_server:5.0.3 cpe:/a:nextcloud:nextcloud_server:5.0.4 cpe:/a:nextcloud:nextcloud_server:5.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.5 cpe:/a:nextcloud:nextcloud_server:5.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.6 cpe:/a:nextcloud:nextcloud_server:5.0.7 cpe:/a:nextcloud:nextcloud_server:5.0.8 cpe:/a:nextcloud:nextcloud_server:5.0.9 cpe:/a:nextcloud:nextcloud_server:5.0.10 cpe:/a:nextcloud:nextcloud_server:5.0.11 cpe:/a:nextcloud:nextcloud_server:5.0.12 cpe:/a:nextcloud:nextcloud_server:5.0.13 cpe:/a:nextcloud:nextcloud_server:5.0.14 cpe:/a:nextcloud:nextcloud_server:5.0.14:alpha cpe:/a:nextcloud:nextcloud_server:5.0.15 cpe:/a:nextcloud:nextcloud_server:5.0.15:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.16 cpe:/a:nextcloud:nextcloud_server:5.0.16:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.17 cpe:/a:nextcloud:nextcloud_server:5.0.17:beta1 cpe:/a:nextcloud:nextcloud_server:5.0.19 cpe:/a:nextcloud:nextcloud_server:6.0.0 cpe:/a:nextcloud:nextcloud_server:6.0.0:alpha cpe:/a:nextcloud:nextcloud_server:6.0.0:alpha2 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta3 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta4 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta5 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc4 cpe:/a:nextcloud:nextcloud_server:6.0.1 cpe:/a:nextcloud:nextcloud_server:6.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.2 cpe:/a:nextcloud:nextcloud_server:6.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.3 cpe:/a:nextcloud:nextcloud_server:6.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.4 cpe:/a:nextcloud:nextcloud_server:6.0.4:beta1 cpe:/a:nextcloud:nextcloud_server:6.0.5 cpe:/a:nextcloud:nextcloud_server:6.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.6 cpe:/a:nextcloud:nextcloud_server:6.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.7 cpe:/a:nextcloud:nextcloud_server:6.0.8 cpe:/a:nextcloud:nextcloud_server:6.0.8:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.8:rc2 cpe:/a:nextcloud:nextcloud_server:6.0.9 cpe:/a:nextcloud:nextcloud_server:6.0.9:beta cpe:/a:nextcloud:nextcloud_server:6.0.9:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.10:beta1 cpe:/a:nextcloud:nextcloud_server:7.0.0 cpe:/a:nextcloud:nextcloud_server:7.0.0:alpha2 cpe:/a:nextcloud:nextcloud_server:7.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:7.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:7.0.1 cpe:/a:nextcloud:nextcloud_server:7.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.2 cpe:/a:nextcloud:nextcloud_server:7.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.3 cpe:/a:nextcloud:nextcloud_server:7.0.3:alpha1 cpe:/a:nextcloud:nextcloud_server:7.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.3:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.3:rc3 cpe:/a:nextcloud:nextcloud_server:7.0.4 cpe:/a:nextcloud:nextcloud_server:7.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.4:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.5 cpe:/a:nextcloud:nextcloud_server:7.0.6 cpe:/a:nextcloud:nextcloud_server:7.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.6:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.7 cpe:/a:nextcloud:nextcloud_server:7.0.7:beta cpe:/a:nextcloud:nextcloud_server:7.0.7:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.8 cpe:/a:nextcloud:nextcloud_server:7.0.8:beta1 cpe:/a:nextcloud:nextcloud_server:7.0.8:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.9 cpe:/a:nextcloud:nextcloud_server:7.0.9:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.10 cpe:/a:nextcloud:nextcloud_server:7.0.11 cpe:/a:nextcloud:nextcloud_server:7.0.11:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.11:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.12 cpe:/a:nextcloud:nextcloud_server:7.0.12:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.13 cpe:/a:nextcloud:nextcloud_server:7.0.13:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.13:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.14 cpe:/a:nextcloud:nextcloud_server:7.0.14:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.14:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.15 cpe:/a:nextcloud:nextcloud_server:7.0.15:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.15:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.0 cpe:/a:nextcloud:nextcloud_server:8.0.0:alpha1 cpe:/a:nextcloud:nextcloud_server:8.0.0:alpha2 cpe:/a:nextcloud:nextcloud_server:8.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:8.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:8.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.1 cpe:/a:nextcloud:nextcloud_server:8.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.2 cpe:/a:nextcloud:nextcloud_server:8.0.3 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc3 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc4 cpe:/a:nextcloud:nextcloud_server:8.0.4 cpe:/a:nextcloud:nextcloud_server:8.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.4:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.5 cpe:/a:nextcloud:nextcloud_server:8.0.5:beta cpe:/a:nextcloud:nextcloud_server:8.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.6 cpe:/a:nextcloud:nextcloud_server:8.0.6:beta1 cpe:/a:nextcloud:nextcloud_server:8.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.7 cpe:/a:nextcloud:nextcloud_server:8.0.7:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.8 cpe:/a:nextcloud:nextcloud_server:8.0.9 cpe:/a:nextcloud:nextcloud_server:8.0.9:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.9:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.10 cpe:/a:nextcloud:nextcloud_server:8.0.10:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.11 cpe:/a:nextcloud:nextcloud_server:8.0.11:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.11:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.12 cpe:/a:nextcloud:nextcloud_server:8.0.12:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.12:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.13 cpe:/a:nextcloud:nextcloud_server:8.0.13:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.13:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.14 cpe:/a:nextcloud:nextcloud_server:8.0.14:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.15 cpe:/a:nextcloud:nextcloud_server:8.0.15:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.16 cpe:/a:nextcloud:nextcloud_server:8.0.16:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.16:rc2 cpe:/a:nextcloud:nextcloud_server:8.1:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.0 cpe:/a:nextcloud:nextcloud_server:8.1.0:alpha1 cpe:/a:nextcloud:nextcloud_server:8.1.0:alpha2 cpe:/a:nextcloud:nextcloud_server:8.1.0:beta1 cpe:/a:nextcloud:nextcloud_server:8.1.0:beta2 cpe:/a:nextcloud:nextcloud_server:8.1.1 cpe:/a:nextcloud:nextcloud_server:8.1.1:beta cpe:/a:nextcloud:nextcloud_server:8.1.1:beta1 cpe:/a:nextcloud:nextcloud_server:8.1.1:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.2 cpe:/a:nextcloud:nextcloud_server:8.1.2:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.3 cpe:/a:nextcloud:nextcloud_server:8.1.4 cpe:/a:nextcloud:nextcloud_server:8.1.4:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.4:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.5 cpe:/a:nextcloud:nextcloud_server:8.1.5:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.6 cpe:/a:nextcloud:nextcloud_server:8.1.6:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.6:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.7 cpe:/a:nextcloud:nextcloud_server:8.1.7:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.7:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.8 cpe:/a:nextcloud:nextcloud_server:8.1.8:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.8:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.9 cpe:/a:nextcloud:nextcloud_server:8.1.9:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.9:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.10 cpe:/a:nextcloud:nextcloud_server:8.1.10:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.11 cpe:/a:nextcloud:nextcloud_server:8.1.11:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.11:rc2 cpe:/a:nextcloud:nextcloud_server:8.2:beta1 cpe:/a:nextcloud:nextcloud_server:8.2:rc1 cpe:/a:nextcloud:nextcloud_server:8.2:rc2 cpe:/a:nextcloud:nextcloud_server:8.2:rc3 cpe:/a:nextcloud:nextcloud_server:8.2.0 cpe:/a:nextcloud:nextcloud_server:8.2.1 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc3 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc4 cpe:/a:nextcloud:nextcloud_server:8.2.2 cpe:/a:nextcloud:nextcloud_server:8.2.2:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.3 cpe:/a:nextcloud:nextcloud_server:8.2.3:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.3:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.4 cpe:/a:nextcloud:nextcloud_server:8.2.4:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.4:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.5 cpe:/a:nextcloud:nextcloud_server:8.2.5:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.5:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.6 cpe:/a:nextcloud:nextcloud_server:8.2.6:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.7 cpe:/a:nextcloud:nextcloud_server:8.2.7:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.8 cpe:/a:nextcloud:nextcloud_server:8.2.8:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.8:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.9 cpe:/a:nextcloud:nextcloud_server:8.2.9:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.9:rc2 cpe:/a:nextcloud:nextcloud_server:9.0:beta1 cpe:/a:nextcloud:nextcloud_server:9.0.0 cpe:/a:nextcloud:nextcloud_server:9.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:9.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:9.0.1 cpe:/a:nextcloud:nextcloud_server:9.0.1:beta cpe:/a:nextcloud:nextcloud_server:9.0.1:beta2 cpe:/a:nextcloud:nextcloud_server:9.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.1:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.2 cpe:/a:nextcloud:nextcloud_server:9.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.2:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.3 cpe:/a:nextcloud:nextcloud_server:9.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.4 cpe:/a:nextcloud:nextcloud_server:9.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.5 cpe:/a:nextcloud:nextcloud_server:9.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.5:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.6 cpe:/a:nextcloud:nextcloud_server:9.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.6:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.7 cpe:/a:nextcloud:nextcloud_server:9.0.7:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.50 cpe:/a:nextcloud:nextcloud_server:9.0.51 cpe:/a:nextcloud:nextcloud_server:9.0.52 cpe:/a:nextcloud:nextcloud_server:9.0.52:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.53 cpe:/a:nextcloud:nextcloud_server:9.0.54 cpe:/a:nextcloud:nextcloud_server:9.0.54:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.55 cpe:/a:nextcloud:nextcloud_server:9.0.56 cpe:/a:nextcloud:nextcloud_server:9.0.56:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.57 cpe:/a:nextcloud:nextcloud_server:9.0.57:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.0 cpe:/a:nextcloud:nextcloud_server:10.0.1 cpe:/a:nextcloud:nextcloud_server:10.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.2 cpe:/a:nextcloud:nextcloud_server:10.0.3 cpe:/a:nextcloud:nextcloud_server:10.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.4 cpe:/a:nextcloud:nextcloud_server:10.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.0 cpe:/a:nextcloud:nextcloud_server:11.0.1 cpe:/a:nextcloud:nextcloud_server:11.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.2 cpe:/a:nextcloud:nextcloud_server:11.0.2:rc1

CVE-2017-0891

2017-05-08T16:29:00.207-04:00

2019-10-09T19:21:08.493-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/216812 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-008 Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

cpe:/a:nextcloud:nextcloud:11.0.2

CVE-2017-0892

2017-05-08T16:29:00.257-04:00

2019-10-09T19:21:08.617-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/191979 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-009 Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

CVE-2017-0893

2017-05-08T16:29:00.287-04:00

2019-10-09T19:21:08.727-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/222838 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-010 Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.

cpe:/a:nextcloud:nextcloud:11.0.2

CVE-2017-0894

2017-05-08T16:29:00.333-04:00

2019-10-09T19:21:08.837-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/218876 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-011 Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.

cpe:/a:nextcloud:nextcloud_server:10.0.0 cpe:/a:nextcloud:nextcloud_server:10.0.1 cpe:/a:nextcloud:nextcloud_server:10.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.2 cpe:/a:nextcloud:nextcloud_server:10.0.3 cpe:/a:nextcloud:nextcloud_server:10.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.0 cpe:/a:nextcloud:nextcloud_server:11.0.1 cpe:/a:nextcloud:nextcloud_server:11.0.1:rc1

CVE-2017-0895

2017-05-08T16:29:00.367-04:00

2019-10-09T19:21:08.963-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/203594 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2017-012 Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

cpe:/a:zulip:zulip_server:1.3.0 cpe:/a:zulip:zulip_server:1.3.1 cpe:/a:zulip:zulip_server:1.3.2 cpe:/a:zulip:zulip_server:1.3.3 cpe:/a:zulip:zulip_server:1.3.4 cpe:/a:zulip:zulip_server:1.3.6 cpe:/a:zulip:zulip_server:1.3.7 cpe:/a:zulip:zulip_server:1.3.8 cpe:/a:zulip:zulip_server:1.3.9 cpe:/a:zulip:zulip_server:1.3.10 cpe:/a:zulip:zulip_server:1.3.11 cpe:/a:zulip:zulip_server:1.3.12 cpe:/a:zulip:zulip_server:1.3.13 cpe:/a:zulip:zulip_server:1.4.0 cpe:/a:zulip:zulip_server:1.4.1 cpe:/a:zulip:zulip_server:1.4.2 cpe:/a:zulip:zulip_server:1.4.3 cpe:/a:zulip:zulip_server:1.5.0 cpe:/a:zulip:zulip_server:1.5.1

CVE-2017-0896

2017-06-02T13:29:00.167-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b MLIST [zulip-announce] 20170601 Zulip Server 1.5.2 released MISC https://hackerone.com/reports/224210 Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.

cpe:/a:expressionengine:expressionengine:2.0.0:public_beta cpe:/a:expressionengine:expressionengine:2.0.1:public_beta cpe:/a:expressionengine:expressionengine:2.0.2:public_beta cpe:/a:expressionengine:expressionengine:2.1.0 cpe:/a:expressionengine:expressionengine:2.1.1 cpe:/a:expressionengine:expressionengine:2.1.2 cpe:/a:expressionengine:expressionengine:2.1.3 cpe:/a:expressionengine:expressionengine:2.1.4 cpe:/a:expressionengine:expressionengine:2.1.5 cpe:/a:expressionengine:expressionengine:2.2.0 cpe:/a:expressionengine:expressionengine:2.2.1 cpe:/a:expressionengine:expressionengine:2.2.2 cpe:/a:expressionengine:expressionengine:2.3.0 cpe:/a:expressionengine:expressionengine:2.3.1 cpe:/a:expressionengine:expressionengine:2.4.0 cpe:/a:expressionengine:expressionengine:2.5.0 cpe:/a:expressionengine:expressionengine:2.5.1 cpe:/a:expressionengine:expressionengine:2.5.2 cpe:/a:expressionengine:expressionengine:2.5.3 cpe:/a:expressionengine:expressionengine:2.5.4 cpe:/a:expressionengine:expressionengine:2.5.5 cpe:/a:expressionengine:expressionengine:2.6.0 cpe:/a:expressionengine:expressionengine:2.6.1 cpe:/a:expressionengine:expressionengine:2.7.0 cpe:/a:expressionengine:expressionengine:2.7.1 cpe:/a:expressionengine:expressionengine:2.7.2 cpe:/a:expressionengine:expressionengine:2.7.3 cpe:/a:expressionengine:expressionengine:2.8.0 cpe:/a:expressionengine:expressionengine:2.8.1 cpe:/a:expressionengine:expressionengine:2.9.0 cpe:/a:expressionengine:expressionengine:2.9.1 cpe:/a:expressionengine:expressionengine:2.9.2 cpe:/a:expressionengine:expressionengine:2.9.3 cpe:/a:expressionengine:expressionengine:2.10.0 cpe:/a:expressionengine:expressionengine:2.10.1 cpe:/a:expressionengine:expressionengine:2.10.2 cpe:/a:expressionengine:expressionengine:2.10.3 cpe:/a:expressionengine:expressionengine:2.11.0 cpe:/a:expressionengine:expressionengine:2.11.1 cpe:/a:expressionengine:expressionengine:2.11.2 cpe:/a:expressionengine:expressionengine:2.11.3 cpe:/a:expressionengine:expressionengine:2.11.4 cpe:/a:expressionengine:expressionengine:2.11.5 cpe:/a:expressionengine:expressionengine:2.11.6 cpe:/a:expressionengine:expressionengine:2.11.7 cpe:/a:expressionengine:expressionengine:3.0.0 cpe:/a:expressionengine:expressionengine:3.0.1 cpe:/a:expressionengine:expressionengine:3.0.2 cpe:/a:expressionengine:expressionengine:3.0.3 cpe:/a:expressionengine:expressionengine:3.0.4 cpe:/a:expressionengine:expressionengine:3.0.5 cpe:/a:expressionengine:expressionengine:3.0.6 cpe:/a:expressionengine:expressionengine:3.1.0 cpe:/a:expressionengine:expressionengine:3.1.1 cpe:/a:expressionengine:expressionengine:3.1.2 cpe:/a:expressionengine:expressionengine:3.1.3 cpe:/a:expressionengine:expressionengine:3.1.4 cpe:/a:expressionengine:expressionengine:3.2.0 cpe:/a:expressionengine:expressionengine:3.2.1 cpe:/a:expressionengine:expressionengine:3.3.0 cpe:/a:expressionengine:expressionengine:3.3.1 cpe:/a:expressionengine:expressionengine:3.3.2 cpe:/a:expressionengine:expressionengine:3.3.3 cpe:/a:expressionengine:expressionengine:3.3.4 cpe:/a:expressionengine:expressionengine:3.4.0 cpe:/a:expressionengine:expressionengine:3.4.1 cpe:/a:expressionengine:expressionengine:3.4.2 cpe:/a:expressionengine:expressionengine:3.4.3 cpe:/a:expressionengine:expressionengine:3.4.4 cpe:/a:expressionengine:expressionengine:3.4.5 cpe:/a:expressionengine:expressionengine:3.4.6 cpe:/a:expressionengine:expressionengine:3.4.7 cpe:/a:expressionengine:expressionengine:3.5.0 cpe:/a:expressionengine:expressionengine:3.5.1 cpe:/a:expressionengine:expressionengine:3.5.2 cpe:/a:expressionengine:expressionengine:3.5.3 cpe:/a:expressionengine:expressionengine:3.5.4

CVE-2017-0897

2017-06-22T17:29:00.183-04:00

2019-10-09T19:21:09.150-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 99242 CONFIRM https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5 CONFIRM https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8 CONFIRM https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released MISC https://hackerone.com/reports/215890 ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.

cpe:/a:ruby-lang:ruby:2.2.0 cpe:/a:ruby-lang:ruby:2.2.1 cpe:/a:ruby-lang:ruby:2.2.2 cpe:/a:ruby-lang:ruby:2.2.3 cpe:/a:ruby-lang:ruby:2.2.4 cpe:/a:ruby-lang:ruby:2.2.5 cpe:/a:ruby-lang:ruby:2.2.6 cpe:/a:ruby-lang:ruby:2.2.7 cpe:/a:ruby-lang:ruby:2.3.0 cpe:/a:ruby-lang:ruby:2.3.1 cpe:/a:ruby-lang:ruby:2.3.2 cpe:/a:ruby-lang:ruby:2.3.3 cpe:/a:ruby-lang:ruby:2.3.4 cpe:/a:ruby-lang:ruby:2.4.0 cpe:/a:ruby-lang:ruby:2.4.1

CVE-2017-0898

2017-09-15T15:29:00.190-04:00

2018-07-14T21:29:01.553-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

PARTIAL

http://nvd.nist.gov BID 100862 SECTRACK 1039363 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MISC https://github.com/mruby/mruby/issues/3722 MISC https://hackerone.com/reports/212241 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update GENTOO GLSA-201710-18 UBUNTU USN-3685-1 DEBIAN DSA-4031 MISC https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/ Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

cpe:/a:rubygems:rubygems:2.6.12 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0

CVE-2017-0899

2017-08-31T16:29:00.417-04:00

2019-10-09T19:21:09.713-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://blog.rubygems.org/2017/08/27/2.6.13-released.html BID 100576 SECTRACK 1039249 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MISC https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1 MISC https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491 MISC https://hackerone.com/reports/226335 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update GENTOO GLSA-201710-01 DEBIAN DSA-3966 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

CVE-2017-0900

2017-08-31T16:29:00.510-04:00

2019-05-13T10:31:40.837-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-05-02T13:55:33.390-04:00

MISC http://blog.rubygems.org/2017/08/27/2.6.13-released.html BID 100579 SECTRACK 1039249 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MISC https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 MISC https://hackerone.com/reports/243003 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update GENTOO GLSA-201710-01 DEBIAN DSA-3966 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

cpe:/a:rubygems:rubygems:2.6.12 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:17.10 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0

CVE-2017-0901

2017-08-31T16:29:00.557-04:00

2019-10-09T19:21:09.963-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://blog.rubygems.org/2017/08/27/2.6.13-released.html BID 100580 SECTRACK 1039249 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MISC https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2 MISC https://hackerone.com/reports/243156 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update GENTOO GLSA-201710-01 UBUNTU USN-3553-1 UBUNTU USN-3685-1 DEBIAN DSA-3966 EXPLOIT-DB 42611 RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

CVE-2017-0902

2017-08-31T16:29:00.603-04:00

2019-10-09T19:21:10.117-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://blog.rubygems.org/2017/08/27/2.6.13-released.html BID 100586 SECTRACK 1039249 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MISC https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32 MISC https://hackerone.com/reports/218088 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update GENTOO GLSA-201710-01 UBUNTU USN-3553-1 UBUNTU USN-3685-1 DEBIAN DSA-3966 RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

cpe:/a:rubygems:rubygems:2.0.0 cpe:/a:rubygems:rubygems:2.0.0:preview2 cpe:/a:rubygems:rubygems:2.0.0:preview2.1 cpe:/a:rubygems:rubygems:2.0.0:preview2.2 cpe:/a:rubygems:rubygems:2.0.0:rc1 cpe:/a:rubygems:rubygems:2.0.0:rc2 cpe:/a:rubygems:rubygems:2.0.1 cpe:/a:rubygems:rubygems:2.0.2 cpe:/a:rubygems:rubygems:2.0.3 cpe:/a:rubygems:rubygems:2.0.4 cpe:/a:rubygems:rubygems:2.0.5 cpe:/a:rubygems:rubygems:2.0.6 cpe:/a:rubygems:rubygems:2.0.7 cpe:/a:rubygems:rubygems:2.0.8 cpe:/a:rubygems:rubygems:2.0.9 cpe:/a:rubygems:rubygems:2.0.10 cpe:/a:rubygems:rubygems:2.0.11 cpe:/a:rubygems:rubygems:2.0.12 cpe:/a:rubygems:rubygems:2.0.13 cpe:/a:rubygems:rubygems:2.0.14 cpe:/a:rubygems:rubygems:2.0.15 cpe:/a:rubygems:rubygems:2.0.16 cpe:/a:rubygems:rubygems:2.0.17 cpe:/a:rubygems:rubygems:2.1.0 cpe:/a:rubygems:rubygems:2.1.0.rc.1 cpe:/a:rubygems:rubygems:2.1.0.rc.2 cpe:/a:rubygems:rubygems:2.1.1 cpe:/a:rubygems:rubygems:2.1.2 cpe:/a:rubygems:rubygems:2.1.3 cpe:/a:rubygems:rubygems:2.1.4 cpe:/a:rubygems:rubygems:2.1.5 cpe:/a:rubygems:rubygems:2.1.6 cpe:/a:rubygems:rubygems:2.1.7 cpe:/a:rubygems:rubygems:2.1.8 cpe:/a:rubygems:rubygems:2.1.9 cpe:/a:rubygems:rubygems:2.1.10 cpe:/a:rubygems:rubygems:2.1.11 cpe:/a:rubygems:rubygems:2.2.0 cpe:/a:rubygems:rubygems:2.2.0.preiew.1 cpe:/a:rubygems:rubygems:2.2.0.rc.1 cpe:/a:rubygems:rubygems:2.2.1 cpe:/a:rubygems:rubygems:2.2.2 cpe:/a:rubygems:rubygems:2.2.3 cpe:/a:rubygems:rubygems:2.2.4 cpe:/a:rubygems:rubygems:2.2.5 cpe:/a:rubygems:rubygems:2.3.0 cpe:/a:rubygems:rubygems:2.4.0 cpe:/a:rubygems:rubygems:2.4.1 cpe:/a:rubygems:rubygems:2.4.2 cpe:/a:rubygems:rubygems:2.4.3 cpe:/a:rubygems:rubygems:2.4.4 cpe:/a:rubygems:rubygems:2.4.5 cpe:/a:rubygems:rubygems:2.4.6 cpe:/a:rubygems:rubygems:2.4.7 cpe:/a:rubygems:rubygems:2.4.8 cpe:/a:rubygems:rubygems:2.5.0 cpe:/a:rubygems:rubygems:2.5.1 cpe:/a:rubygems:rubygems:2.5.2 cpe:/a:rubygems:rubygems:2.6.0 cpe:/a:rubygems:rubygems:2.6.1 cpe:/a:rubygems:rubygems:2.6.2 cpe:/a:rubygems:rubygems:2.6.3 cpe:/a:rubygems:rubygems:2.6.4 cpe:/a:rubygems:rubygems:2.6.5 cpe:/a:rubygems:rubygems:2.6.6 cpe:/a:rubygems:rubygems:2.6.7 cpe:/a:rubygems:rubygems:2.6.8 cpe:/a:rubygems:rubygems:2.6.9 cpe:/a:rubygems:rubygems:2.6.10 cpe:/a:rubygems:rubygems:2.6.11 cpe:/a:rubygems:rubygems:2.6.12 cpe:/a:rubygems:rubygems:2.6.13 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:17.10 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0

CVE-2017-0903

2017-10-11T14:29:00.583-04:00

2019-10-09T19:21:10.290-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://blog.rubygems.org/2017/10/09/2.6.14-released.html MISC http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html BID 101275 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MISC https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49 MISC https://hackerone.com/reports/274990 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update UBUNTU USN-3553-1 UBUNTU USN-3685-1 DEBIAN DSA-4031 RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

cpe:/a:private_address_check_project:private_address_check:0.1.0::~~~ruby~~ cpe:/a:private_address_check_project:private_address_check:0.2.0::~~~ruby~~ cpe:/a:private_address_check_project:private_address_check:0.3.0::~~~ruby~~

CVE-2017-0904

2017-11-13T12:29:00.347-05:00

2019-10-09T19:21:10.900-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC https://edoverflow.com/2017/ruby-resolv-bug/ CONFIRM https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af CONFIRM https://github.com/jtdowney/private_address_check/issues/1 MISC https://hackerone.com/reports/287245 MISC https://hackerone.com/reports/287835 The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.

cpe:/a:recurly:recurly_client_ruby:2.0.0 cpe:/a:recurly:recurly_client_ruby:2.0.1 cpe:/a:recurly:recurly_client_ruby:2.0.2 cpe:/a:recurly:recurly_client_ruby:2.0.3 cpe:/a:recurly:recurly_client_ruby:2.0.4 cpe:/a:recurly:recurly_client_ruby:2.0.5 cpe:/a:recurly:recurly_client_ruby:2.0.6 cpe:/a:recurly:recurly_client_ruby:2.0.7 cpe:/a:recurly:recurly_client_ruby:2.0.8 cpe:/a:recurly:recurly_client_ruby:2.0.9 cpe:/a:recurly:recurly_client_ruby:2.0.10 cpe:/a:recurly:recurly_client_ruby:2.0.11 cpe:/a:recurly:recurly_client_ruby:2.0.12 cpe:/a:recurly:recurly_client_ruby:2.1.0 cpe:/a:recurly:recurly_client_ruby:2.1.0:c cpe:/a:recurly:recurly_client_ruby:2.1.1 cpe:/a:recurly:recurly_client_ruby:2.1.2 cpe:/a:recurly:recurly_client_ruby:2.1.3 cpe:/a:recurly:recurly_client_ruby:2.1.4 cpe:/a:recurly:recurly_client_ruby:2.1.5 cpe:/a:recurly:recurly_client_ruby:2.1.6 cpe:/a:recurly:recurly_client_ruby:2.1.7 cpe:/a:recurly:recurly_client_ruby:2.1.8 cpe:/a:recurly:recurly_client_ruby:2.1.9 cpe:/a:recurly:recurly_client_ruby:2.1.10 cpe:/a:recurly:recurly_client_ruby:2.2.0 cpe:/a:recurly:recurly_client_ruby:2.2.1 cpe:/a:recurly:recurly_client_ruby:2.2.2 cpe:/a:recurly:recurly_client_ruby:2.2.3 cpe:/a:recurly:recurly_client_ruby:2.2.4 cpe:/a:recurly:recurly_client_ruby:2.3.0 cpe:/a:recurly:recurly_client_ruby:2.3.0:beta1 cpe:/a:recurly:recurly_client_ruby:2.3.1 cpe:/a:recurly:recurly_client_ruby:2.3.2 cpe:/a:recurly:recurly_client_ruby:2.3.3 cpe:/a:recurly:recurly_client_ruby:2.3.4 cpe:/a:recurly:recurly_client_ruby:2.3.5 cpe:/a:recurly:recurly_client_ruby:2.3.6 cpe:/a:recurly:recurly_client_ruby:2.3.7 cpe:/a:recurly:recurly_client_ruby:2.3.8 cpe:/a:recurly:recurly_client_ruby:2.3.9 cpe:/a:recurly:recurly_client_ruby:2.4.0 cpe:/a:recurly:recurly_client_ruby:2.4.1 cpe:/a:recurly:recurly_client_ruby:2.4.2 cpe:/a:recurly:recurly_client_ruby:2.4.3 cpe:/a:recurly:recurly_client_ruby:2.4.4 cpe:/a:recurly:recurly_client_ruby:2.4.5 cpe:/a:recurly:recurly_client_ruby:2.4.6 cpe:/a:recurly:recurly_client_ruby:2.4.7 cpe:/a:recurly:recurly_client_ruby:2.4.8 cpe:/a:recurly:recurly_client_ruby:2.4.9 cpe:/a:recurly:recurly_client_ruby:2.4.10 cpe:/a:recurly:recurly_client_ruby:2.5.0 cpe:/a:recurly:recurly_client_ruby:2.5.1 cpe:/a:recurly:recurly_client_ruby:2.5.2 cpe:/a:recurly:recurly_client_ruby:2.5.3 cpe:/a:recurly:recurly_client_ruby:2.6.0 cpe:/a:recurly:recurly_client_ruby:2.6.1 cpe:/a:recurly:recurly_client_ruby:2.6.2 cpe:/a:recurly:recurly_client_ruby:2.7.0 cpe:/a:recurly:recurly_client_ruby:2.7.1 cpe:/a:recurly:recurly_client_ruby:2.7.2 cpe:/a:recurly:recurly_client_ruby:2.7.3 cpe:/a:recurly:recurly_client_ruby:2.7.4 cpe:/a:recurly:recurly_client_ruby:2.7.5 cpe:/a:recurly:recurly_client_ruby:2.7.6 cpe:/a:recurly:recurly_client_ruby:2.7.7 cpe:/a:recurly:recurly_client_ruby:2.8.0 cpe:/a:recurly:recurly_client_ruby:2.8.0:rc1 cpe:/a:recurly:recurly_client_ruby:2.8.0:rc3 cpe:/a:recurly:recurly_client_ruby:2.8.1 cpe:/a:recurly:recurly_client_ruby:2.9.0 cpe:/a:recurly:recurly_client_ruby:2.9.1 cpe:/a:recurly:recurly_client_ruby:2.10.0 cpe:/a:recurly:recurly_client_ruby:2.10.1 cpe:/a:recurly:recurly_client_ruby:2.10.2 cpe:/a:recurly:recurly_client_ruby:2.10.3 cpe:/a:recurly:recurly_client_ruby:2.11.0 cpe:/a:recurly:recurly_client_ruby:2.11.1 cpe:/a:recurly:recurly_client_ruby:2.11.2

CVE-2017-0905

2017-11-13T12:29:00.427-05:00

2019-10-09T19:21:11.040-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://dev.recurly.com/page/ruby-updates CONFIRM https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be MISC https://hackerone.com/reports/288635 The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.

cpe:/a:recurly:recurly_client_python:2.0.0 cpe:/a:recurly:recurly_client_python:2.0.1 cpe:/a:recurly:recurly_client_python:2.0.2 cpe:/a:recurly:recurly_client_python:2.0.3 cpe:/a:recurly:recurly_client_python:2.0.4 cpe:/a:recurly:recurly_client_python:2.1.0 cpe:/a:recurly:recurly_client_python:2.1.1 cpe:/a:recurly:recurly_client_python:2.1.2 cpe:/a:recurly:recurly_client_python:2.1.3 cpe:/a:recurly:recurly_client_python:2.1.4 cpe:/a:recurly:recurly_client_python:2.1.12 cpe:/a:recurly:recurly_client_python:2.1.13 cpe:/a:recurly:recurly_client_python:2.1.14 cpe:/a:recurly:recurly_client_python:2.1.15 cpe:/a:recurly:recurly_client_python:2.2.0 cpe:/a:recurly:recurly_client_python:2.2.1 cpe:/a:recurly:recurly_client_python:2.2.2 cpe:/a:recurly:recurly_client_python:2.2.3 cpe:/a:recurly:recurly_client_python:2.2.4 cpe:/a:recurly:recurly_client_python:2.2.6 cpe:/a:recurly:recurly_client_python:2.2.7 cpe:/a:recurly:recurly_client_python:2.2.8 cpe:/a:recurly:recurly_client_python:2.2.9 cpe:/a:recurly:recurly_client_python:2.2.10 cpe:/a:recurly:recurly_client_python:2.2.11 cpe:/a:recurly:recurly_client_python:2.2.12 cpe:/a:recurly:recurly_client_python:2.2.13 cpe:/a:recurly:recurly_client_python:2.2.14 cpe:/a:recurly:recurly_client_python:2.2.15 cpe:/a:recurly:recurly_client_python:2.2.16 cpe:/a:recurly:recurly_client_python:2.2.17 cpe:/a:recurly:recurly_client_python:2.2.18 cpe:/a:recurly:recurly_client_python:2.2.19 cpe:/a:recurly:recurly_client_python:2.2.20 cpe:/a:recurly:recurly_client_python:2.2.21 cpe:/a:recurly:recurly_client_python:2.3.0 cpe:/a:recurly:recurly_client_python:2.4.0 cpe:/a:recurly:recurly_client_python:2.4.1 cpe:/a:recurly:recurly_client_python:2.4.2 cpe:/a:recurly:recurly_client_python:2.4.3 cpe:/a:recurly:recurly_client_python:2.4.4 cpe:/a:recurly:recurly_client_python:2.5.0 cpe:/a:recurly:recurly_client_python:2.6.0 cpe:/a:recurly:recurly_client_python:2.6.1

CVE-2017-0906

2017-11-13T12:29:00.457-05:00

2019-10-09T19:21:11.307-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://dev.recurly.com/page/python-updates CONFIRM https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742 MISC https://hackerone.com/reports/288635 The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.

cpe:/a:recurly:recurly_client_.net:1.0.0 cpe:/a:recurly:recurly_client_.net:1.0.0:beta1 cpe:/a:recurly:recurly_client_.net:1.0.0:beta2 cpe:/a:recurly:recurly_client_.net:1.0.0:beta3 cpe:/a:recurly:recurly_client_.net:1.0.0:rc1 cpe:/a:recurly:recurly_client_.net:1.0.0.1 cpe:/a:recurly:recurly_client_.net:1.0.0.2 cpe:/a:recurly:recurly_client_.net:1.0.0.3 cpe:/a:recurly:recurly_client_.net:1.0.0.4 cpe:/a:recurly:recurly_client_.net:1.1.0 cpe:/a:recurly:recurly_client_.net:1.1.1 cpe:/a:recurly:recurly_client_.net:1.1.4 cpe:/a:recurly:recurly_client_.net:1.1.5 cpe:/a:recurly:recurly_client_.net:1.1.6 cpe:/a:recurly:recurly_client_.net:1.1.7 cpe:/a:recurly:recurly_client_.net:1.1.8 cpe:/a:recurly:recurly_client_.net:1.1.9 cpe:/a:recurly:recurly_client_.net:1.2.0 cpe:/a:recurly:recurly_client_.net:1.2.1 cpe:/a:recurly:recurly_client_.net:1.2.2 cpe:/a:recurly:recurly_client_.net:1.2.5 cpe:/a:recurly:recurly_client_.net:1.2.6 cpe:/a:recurly:recurly_client_.net:1.2.7 cpe:/a:recurly:recurly_client_.net:1.3.0 cpe:/a:recurly:recurly_client_.net:1.3.1 cpe:/a:recurly:recurly_client_.net:1.4.0 cpe:/a:recurly:recurly_client_.net:1.4.1 cpe:/a:recurly:recurly_client_.net:1.4.2 cpe:/a:recurly:recurly_client_.net:1.4.3 cpe:/a:recurly:recurly_client_.net:1.4.4 cpe:/a:recurly:recurly_client_.net:1.4.5 cpe:/a:recurly:recurly_client_.net:1.4.6 cpe:/a:recurly:recurly_client_.net:1.4.7 cpe:/a:recurly:recurly_client_.net:1.4.8 cpe:/a:recurly:recurly_client_.net:1.4.9 cpe:/a:recurly:recurly_client_.net:1.4.10 cpe:/a:recurly:recurly_client_.net:1.4.11 cpe:/a:recurly:recurly_client_.net:1.4.12 cpe:/a:recurly:recurly_client_.net:1.4.13 cpe:/a:recurly:recurly_client_.net:1.5.0 cpe:/a:recurly:recurly_client_.net:1.6.0 cpe:/a:recurly:recurly_client_.net:1.6.1 cpe:/a:recurly:recurly_client_.net:1.7.0 cpe:/a:recurly:recurly_client_.net:1.8.0

CVE-2017-0907

2017-11-13T12:29:00.490-05:00

2019-10-09T19:21:11.447-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://dev.recurly.com/page/net-updates CONFIRM https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1 MISC https://hackerone.com/reports/288635 The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.

CVE-2017-0908

2017-11-13T04:29:00.200-05:00

2017-11-13T04:29:00.233-05:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16510. Reason: This candidate is a reservation duplicate of CVE-2017-16510. Notes: All CVE users should reference CVE-2017-16510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-0909

2017-11-16T17:29:00.267-05:00

2019-10-09T19:21:11.633-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://github.com/jtdowney/private_address_check/pull/3 MISC https://hackerone.com/reports/288950 The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.

CVE-2017-0910

2017-11-27T11:29:00.217-05:00

2019-10-09T19:21:11.790-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/ CONFIRM https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32 In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

cpe:/a:twitter:twitter_kit:3.0::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.0.1::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.0.2::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.0.3::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.0.4::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.1.0::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.1.1::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.2.0::~~~iphone_os~~ cpe:/a:twitter:twitter_kit:3.2.1::~~~iphone_os~~

CVE-2017-0911

2018-02-09T17:29:00.613-05:00

2019-10-09T19:21:11.947-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html CONFIRM https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71 CONFIRM https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411 CONFIRM https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017 MISC https://hackerone.com/reports/290229 Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.

cpe:/a:ui:ucrm:2.5.0:- cpe:/a:ui:ucrm:2.5.0:beta1 cpe:/a:ui:ucrm:2.5.0:beta2 cpe:/a:ui:ucrm:2.5.0:beta3 cpe:/a:ui:ucrm:2.5.0:beta4 cpe:/a:ui:ucrm:2.5.1 cpe:/a:ui:ucrm:2.5.2 cpe:/a:ui:ucrm:2.5.3 cpe:/a:ui:ucrm:2.6.0:- cpe:/a:ui:ucrm:2.6.0:beta1 cpe:/a:ui:ucrm:2.6.0:beta2 cpe:/a:ui:ucrm:2.6.0:beta3 cpe:/a:ui:ucrm:2.6.1 cpe:/a:ui:ucrm:2.6.2 cpe:/a:ui:ucrm:2.7.0:- cpe:/a:ui:ucrm:2.7.0:beta1 cpe:/a:ui:ucrm:2.7.0:beta2 cpe:/a:ui:ucrm:2.7.0:beta3 cpe:/a:ui:ucrm:2.7.0:beta4 cpe:/a:ui:ucrm:2.7.1 cpe:/a:ui:ucrm:2.7.2 cpe:/a:ui:ucrm:2.7.3 cpe:/a:ui:ucrm:2.7.4 cpe:/a:ui:ucrm:2.7.5 cpe:/a:ui:ucrm:2.7.6 cpe:/a:ui:ucrm:2.7.7

CVE-2017-0912

2018-07-03T17:29:00.217-04:00

2019-09-13T13:54:30.640-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-09-13T13:35:40.250-04:00

MISC https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814 Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".

CVE-2017-0913

2018-07-03T17:29:00.247-04:00

2019-10-02T20:03:26.223-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-08-23T08:38:45.570-04:00

MISC https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814 MISC https://hackerone.com/reports/301406 Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0914

2018-03-21T16:29:00.230-04:00

2019-10-09T19:21:12.117-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/298176 Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.

cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~ cpe:/o:debian:debian_linux:9.0

CVE-2017-0915

2018-03-21T16:29:00.293-04:00

2019-10-09T19:21:12.260-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/298873 DEBIAN DSA-4145 Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.

cpe:/a:gitlab:gitlab:8.8.0::~~community~~~ cpe:/a:gitlab:gitlab:8.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.8.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.2::~~community~~~ cpe:/a:gitlab:gitlab:8.8.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.3::~~community~~~ cpe:/a:gitlab:gitlab:8.8.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.4::~~community~~~ cpe:/a:gitlab:gitlab:8.8.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.5::~~community~~~ cpe:/a:gitlab:gitlab:8.8.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.6::~~community~~~ cpe:/a:gitlab:gitlab:8.8.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.7::~~community~~~ cpe:/a:gitlab:gitlab:8.8.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.8::~~community~~~ cpe:/a:gitlab:gitlab:8.8.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.9::~~community~~~ cpe:/a:gitlab:gitlab:8.8.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.6.0:-:~~community~~~ cpe:/a:gitlab:gitlab:9.6.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~ cpe:/o:debian:debian_linux:9.0

CVE-2017-0916

2018-03-21T16:29:00.357-04:00

2019-10-09T19:21:12.383-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/299473 DEBIAN DSA-4145 Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.

cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~ cpe:/o:debian:debian_linux:9.0

CVE-2017-0917

2018-03-21T16:29:00.417-04:00

2019-10-09T19:21:12.510-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/299525 DEBIAN DSA-4145 Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

cpe:/a:gitlab:gitlab:8.4.0::~~community~~~ cpe:/a:gitlab:gitlab:8.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.4.1::~~community~~~ cpe:/a:gitlab:gitlab:8.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.2::~~community~~~ cpe:/a:gitlab:gitlab:8.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.3::~~community~~~ cpe:/a:gitlab:gitlab:8.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.4::~~community~~~ cpe:/a:gitlab:gitlab:8.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.5::~~community~~~ cpe:/a:gitlab:gitlab:8.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.6::~~community~~~ cpe:/a:gitlab:gitlab:8.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.7::~~community~~~ cpe:/a:gitlab:gitlab:8.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.8::~~community~~~ cpe:/a:gitlab:gitlab:8.4.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.9::~~community~~~ cpe:/a:gitlab:gitlab:8.4.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.10::~~community~~~ cpe:/a:gitlab:gitlab:8.4.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.11::~~community~~~ cpe:/a:gitlab:gitlab:8.4.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.0::~~community~~~ cpe:/a:gitlab:gitlab:8.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.5.1::~~community~~~ cpe:/a:gitlab:gitlab:8.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.2::~~community~~~ cpe:/a:gitlab:gitlab:8.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.3::~~community~~~ cpe:/a:gitlab:gitlab:8.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.4::~~community~~~ cpe:/a:gitlab:gitlab:8.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.5:-:~~community~~~ cpe:/a:gitlab:gitlab:8.5.5:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.5.6::~~community~~~ cpe:/a:gitlab:gitlab:8.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.7::~~community~~~ cpe:/a:gitlab:gitlab:8.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.8::~~community~~~ cpe:/a:gitlab:gitlab:8.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.9::~~community~~~ cpe:/a:gitlab:gitlab:8.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.10::~~community~~~ cpe:/a:gitlab:gitlab:8.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.11::~~community~~~ cpe:/a:gitlab:gitlab:8.5.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.12::~~community~~~ cpe:/a:gitlab:gitlab:8.5.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.13::~~community~~~ cpe:/a:gitlab:gitlab:8.5.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.0::~~community~~~ cpe:/a:gitlab:gitlab:8.6.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.6.1::~~community~~~ cpe:/a:gitlab:gitlab:8.6.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.2::~~community~~~ cpe:/a:gitlab:gitlab:8.6.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.3::~~community~~~ cpe:/a:gitlab:gitlab:8.6.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.4::~~community~~~ cpe:/a:gitlab:gitlab:8.6.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.5::~~community~~~ cpe:/a:gitlab:gitlab:8.6.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.6::~~community~~~ cpe:/a:gitlab:gitlab:8.6.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.7::~~community~~~ cpe:/a:gitlab:gitlab:8.6.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.8::~~community~~~ cpe:/a:gitlab:gitlab:8.6.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.9::~~community~~~ cpe:/a:gitlab:gitlab:8.6.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.0::~~community~~~ cpe:/a:gitlab:gitlab:8.7.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.7.1::~~community~~~ cpe:/a:gitlab:gitlab:8.7.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.2::~~community~~~ cpe:/a:gitlab:gitlab:8.7.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.3::~~community~~~ cpe:/a:gitlab:gitlab:8.7.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.4::~~community~~~ cpe:/a:gitlab:gitlab:8.7.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.5::~~community~~~ cpe:/a:gitlab:gitlab:8.7.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.6::~~community~~~ cpe:/a:gitlab:gitlab:8.7.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.7::~~community~~~ cpe:/a:gitlab:gitlab:8.7.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.8::~~community~~~ cpe:/a:gitlab:gitlab:8.7.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.9::~~community~~~ cpe:/a:gitlab:gitlab:8.7.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0::~~community~~~ cpe:/a:gitlab:gitlab:8.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.8.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.2::~~community~~~ cpe:/a:gitlab:gitlab:8.8.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.3::~~community~~~ cpe:/a:gitlab:gitlab:8.8.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.4::~~community~~~ cpe:/a:gitlab:gitlab:8.8.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.5::~~community~~~ cpe:/a:gitlab:gitlab:8.8.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.6::~~community~~~ cpe:/a:gitlab:gitlab:8.8.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.7::~~community~~~ cpe:/a:gitlab:gitlab:8.8.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.8::~~community~~~ cpe:/a:gitlab:gitlab:8.8.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.9::~~community~~~ cpe:/a:gitlab:gitlab:8.8.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.6::~~community~~~ cpe:/a:gitlab:gitlab:10.1.7::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~ cpe:/o:debian:debian_linux:9.0

CVE-2017-0918

2018-03-21T16:29:00.467-04:00

2019-10-09T19:21:12.650-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/301432 DEBIAN DSA-4145 Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

cpe:/a:gitlab:gitlab:0.8.0::~~community~~~ cpe:/a:gitlab:gitlab:0.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:0.9.1::~~community~~~ cpe:/a:gitlab:gitlab:0.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:0.9.4::~~community~~~ cpe:/a:gitlab:gitlab:0.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:0.9.5::~~community~~~ cpe:/a:gitlab:gitlab:0.9.6::~~community~~~ cpe:/a:gitlab:gitlab:0.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.0.0::~~community~~~ cpe:/a:gitlab:gitlab:1.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.0.1::~~community~~~ cpe:/a:gitlab:gitlab:1.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.0.2::~~community~~~ cpe:/a:gitlab:gitlab:1.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.1.0::~~community~~~ cpe:/a:gitlab:gitlab:1.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.1.0:-:~~community~~~ cpe:/a:gitlab:gitlab:1.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:1.2.0::~~community~~~ cpe:/a:gitlab:gitlab:1.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.2.0:-:~~community~~~ cpe:/a:gitlab:gitlab:1.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:1.2.1::~~community~~~ cpe:/a:gitlab:gitlab:1.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:1.2.2::~~community~~~ cpe:/a:gitlab:gitlab:1.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.0.0::~~community~~~ cpe:/a:gitlab:gitlab:2.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.1.0::~~community~~~ cpe:/a:gitlab:gitlab:2.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.2.0::~~community~~~ cpe:/a:gitlab:gitlab:2.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.2.0:-:~~community~~~ cpe:/a:gitlab:gitlab:2.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:2.3.0::~~community~~~ cpe:/a:gitlab:gitlab:2.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.3.0:-:~~community~~~ cpe:/a:gitlab:gitlab:2.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:2.3.1::~~community~~~ cpe:/a:gitlab:gitlab:2.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.4.0::~~community~~~ cpe:/a:gitlab:gitlab:2.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.4.0:-:~~community~~~ cpe:/a:gitlab:gitlab:2.4.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:2.4.1::~~community~~~ cpe:/a:gitlab:gitlab:2.4.2::~~community~~~ cpe:/a:gitlab:gitlab:2.5.0::~~community~~~ cpe:/a:gitlab:gitlab:2.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.6.0::~~community~~~ cpe:/a:gitlab:gitlab:2.6.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.6.0:-:~~community~~~ cpe:/a:gitlab:gitlab:2.6.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:2.6.1::~~community~~~ cpe:/a:gitlab:gitlab:2.6.2::~~community~~~ cpe:/a:gitlab:gitlab:2.6.3::~~community~~~ cpe:/a:gitlab:gitlab:2.7.0::~~community~~~ cpe:/a:gitlab:gitlab:2.7.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.7.0:-:~~community~~~ cpe:/a:gitlab:gitlab:2.7.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:2.8.0::~~community~~~ cpe:/a:gitlab:gitlab:2.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.8.0:-:~~community~~~ cpe:/a:gitlab:gitlab:2.8.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:2.8.1::~~community~~~ cpe:/a:gitlab:gitlab:2.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.8.2::~~community~~~ cpe:/a:gitlab:gitlab:2.9.0::~~community~~~ cpe:/a:gitlab:gitlab:2.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:2.9.1::~~community~~~ cpe:/a:gitlab:gitlab:2.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:3.0.0::~~community~~~ cpe:/a:gitlab:gitlab:3.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:3.0.1::~~community~~~ cpe:/a:gitlab:gitlab:3.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:3.0.2::~~community~~~ cpe:/a:gitlab:gitlab:3.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:3.0.3::~~community~~~ cpe:/a:gitlab:gitlab:3.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:3.1.0::~~community~~~ cpe:/a:gitlab:gitlab:3.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:4.0.0::~~community~~~ cpe:/a:gitlab:gitlab:4.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:4.0.0:-:~~community~~~ cpe:/a:gitlab:gitlab:4.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:4.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:4.1.0::~~community~~~ cpe:/a:gitlab:gitlab:4.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:4.2.0::~~community~~~ cpe:/a:gitlab:gitlab:4.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.0.0::~~community~~~ cpe:/a:gitlab:gitlab:5.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.0.1::~~community~~~ cpe:/a:gitlab:gitlab:5.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.1.0::~~community~~~ cpe:/a:gitlab:gitlab:5.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.2.0::~~community~~~ cpe:/a:gitlab:gitlab:5.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.2.1::~~community~~~ cpe:/a:gitlab:gitlab:5.3.0::~~community~~~ cpe:/a:gitlab:gitlab:5.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.4.0::~~community~~~ cpe:/a:gitlab:gitlab:5.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.4.1::~~community~~~ cpe:/a:gitlab:gitlab:5.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:5.4.2::~~community~~~ cpe:/a:gitlab:gitlab:5.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.0.0::~~community~~~ cpe:/a:gitlab:gitlab:6.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.0.1::~~community~~~ cpe:/a:gitlab:gitlab:6.0.2::~~community~~~ cpe:/a:gitlab:gitlab:6.1.0::~~community~~~ cpe:/a:gitlab:gitlab:6.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.2.0::~~community~~~ cpe:/a:gitlab:gitlab:6.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.2.1::~~community~~~ cpe:/a:gitlab:gitlab:6.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.2.2::~~community~~~ cpe:/a:gitlab:gitlab:6.2.3::~~community~~~ cpe:/a:gitlab:gitlab:6.2.4::~~community~~~ cpe:/a:gitlab:gitlab:6.3.0::~~community~~~ cpe:/a:gitlab:gitlab:6.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.3.1::~~community~~~ cpe:/a:gitlab:gitlab:6.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.4.0:-:~~community~~~ cpe:/a:gitlab:gitlab:6.4.0:pre1:~~community~~~ cpe:/a:gitlab:gitlab:6.4.0:pre2:~~community~~~ cpe:/a:gitlab:gitlab:6.4.0:pre3:~~community~~~ cpe:/a:gitlab:gitlab:6.4.1::~~community~~~ cpe:/a:gitlab:gitlab:6.4.2::~~community~~~ cpe:/a:gitlab:gitlab:6.4.3::~~community~~~ cpe:/a:gitlab:gitlab:6.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.5.0:-:~~community~~~ cpe:/a:gitlab:gitlab:6.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:6.6.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.6.0:-:~~community~~~ cpe:/a:gitlab:gitlab:6.6.0:pre1:~~community~~~ cpe:/a:gitlab:gitlab:6.6.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:6.6.1::~~community~~~ cpe:/a:gitlab:gitlab:6.6.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.6.2::~~community~~~ cpe:/a:gitlab:gitlab:6.6.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.6.3::~~community~~~ cpe:/a:gitlab:gitlab:6.6.4::~~community~~~ cpe:/a:gitlab:gitlab:6.6.5::~~community~~~ cpe:/a:gitlab:gitlab:6.7.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.7.0:-:~~community~~~ cpe:/a:gitlab:gitlab:6.7.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:6.7.1::~~community~~~ cpe:/a:gitlab:gitlab:6.7.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.7.2::~~community~~~ cpe:/a:gitlab:gitlab:6.7.3::~~community~~~ cpe:/a:gitlab:gitlab:6.7.4::~~community~~~ cpe:/a:gitlab:gitlab:6.7.5::~~community~~~ cpe:/a:gitlab:gitlab:6.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.8.0:-:~~community~~~ cpe:/a:gitlab:gitlab:6.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:6.8.1::~~community~~~ cpe:/a:gitlab:gitlab:6.8.2::~~community~~~ cpe:/a:gitlab:gitlab:6.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.9.0:-:~~community~~~ cpe:/a:gitlab:gitlab:6.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:6.9.1::~~community~~~ cpe:/a:gitlab:gitlab:6.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.9.2::~~community~~~ cpe:/a:gitlab:gitlab:6.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:6.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.0.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.1.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.1.1::~~community~~~ cpe:/a:gitlab:gitlab:7.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.2.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:7.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:7.2.1::~~community~~~ cpe:/a:gitlab:gitlab:7.2.2::~~community~~~ cpe:/a:gitlab:gitlab:7.2.3::~~community~~~ cpe:/a:gitlab:gitlab:7.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.3.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.3.1::~~community~~~ cpe:/a:gitlab:gitlab:7.3.2::~~community~~~ cpe:/a:gitlab:gitlab:7.3.3::~~community~~~ cpe:/a:gitlab:gitlab:7.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.4.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.4.1::~~community~~~ cpe:/a:gitlab:gitlab:7.4.2::~~community~~~ cpe:/a:gitlab:gitlab:7.4.3::~~community~~~ cpe:/a:gitlab:gitlab:7.4.4::~~community~~~ cpe:/a:gitlab:gitlab:7.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.4.5::~~community~~~ cpe:/a:gitlab:gitlab:7.5.0::~~community~~~ cpe:/a:gitlab:gitlab:7.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.5.1::~~community~~~ cpe:/a:gitlab:gitlab:7.5.2::~~community~~~ cpe:/a:gitlab:gitlab:7.5.3::~~community~~~ cpe:/a:gitlab:gitlab:7.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.6.0::~~community~~~ cpe:/a:gitlab:gitlab:7.6.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.6.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.6.1::~~community~~~ cpe:/a:gitlab:gitlab:7.6.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.6.2::~~community~~~ cpe:/a:gitlab:gitlab:7.6.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.7.0::~~community~~~ cpe:/a:gitlab:gitlab:7.7.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.7.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.7.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.7.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.7.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:7.7.1::~~community~~~ cpe:/a:gitlab:gitlab:7.7.2::~~community~~~ cpe:/a:gitlab:gitlab:7.8.0::~~community~~~ cpe:/a:gitlab:gitlab:7.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.8.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.8.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.8.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:7.8.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:7.8.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:7.8.1::~~community~~~ cpe:/a:gitlab:gitlab:7.8.2::~~community~~~ cpe:/a:gitlab:gitlab:7.8.3::~~community~~~ cpe:/a:gitlab:gitlab:7.8.4::~~community~~~ cpe:/a:gitlab:gitlab:7.9.0::~~community~~~ cpe:/a:gitlab:gitlab:7.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.9.1::~~community~~~ cpe:/a:gitlab:gitlab:7.9.2::~~community~~~ cpe:/a:gitlab:gitlab:7.9.3::~~community~~~ cpe:/a:gitlab:gitlab:7.9.4::~~community~~~ cpe:/a:gitlab:gitlab:7.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.10.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:7.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:7.10.1::~~community~~~ cpe:/a:gitlab:gitlab:7.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.10.2::~~community~~~ cpe:/a:gitlab:gitlab:7.10.3::~~community~~~ cpe:/a:gitlab:gitlab:7.10.4::~~community~~~ cpe:/a:gitlab:gitlab:7.10.5::~~community~~~ cpe:/a:gitlab:gitlab:7.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.11.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.11.1::~~community~~~ cpe:/a:gitlab:gitlab:7.11.2::~~community~~~ cpe:/a:gitlab:gitlab:7.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.11.3::~~community~~~ cpe:/a:gitlab:gitlab:7.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.11.4::~~community~~~ cpe:/a:gitlab:gitlab:7.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.12.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.12.1::~~community~~~ cpe:/a:gitlab:gitlab:7.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.12.2::~~community~~~ cpe:/a:gitlab:gitlab:7.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.13.0:-:~~community~~~ cpe:/a:gitlab:gitlab:7.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:7.13.1::~~community~~~ cpe:/a:gitlab:gitlab:7.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.13.2::~~community~~~ cpe:/a:gitlab:gitlab:7.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.13.3::~~community~~~ cpe:/a:gitlab:gitlab:7.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.13.4::~~community~~~ cpe:/a:gitlab:gitlab:7.13.5::~~community~~~ cpe:/a:gitlab:gitlab:7.14.0::~~community~~~ cpe:/a:gitlab:gitlab:7.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:7.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:7.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:7.14.1::~~community~~~ cpe:/a:gitlab:gitlab:7.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.14.2::~~community~~~ cpe:/a:gitlab:gitlab:7.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:7.14.3::~~community~~~ cpe:/a:gitlab:gitlab:7.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.0.1::~~community~~~ cpe:/a:gitlab:gitlab:8.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.2::~~community~~~ cpe:/a:gitlab:gitlab:8.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.3::~~community~~~ cpe:/a:gitlab:gitlab:8.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.4::~~community~~~ cpe:/a:gitlab:gitlab:8.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.5::~~community~~~ cpe:/a:gitlab:gitlab:8.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.1.1::~~community~~~ cpe:/a:gitlab:gitlab:8.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.2::~~community~~~ cpe:/a:gitlab:gitlab:8.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.3::~~community~~~ cpe:/a:gitlab:gitlab:8.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.4::~~community~~~ cpe:/a:gitlab:gitlab:8.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.0::~~community~~~ cpe:/a:gitlab:gitlab:8.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.2.1::~~community~~~ cpe:/a:gitlab:gitlab:8.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.2::~~community~~~ cpe:/a:gitlab:gitlab:8.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.3::~~community~~~ cpe:/a:gitlab:gitlab:8.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.4::~~community~~~ cpe:/a:gitlab:gitlab:8.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.5::~~community~~~ cpe:/a:gitlab:gitlab:8.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.6::~~community~~~ cpe:/a:gitlab:gitlab:8.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.0::~~community~~~ cpe:/a:gitlab:gitlab:8.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.3.1::~~community~~~ cpe:/a:gitlab:gitlab:8.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.2::~~community~~~ cpe:/a:gitlab:gitlab:8.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.3::~~community~~~ cpe:/a:gitlab:gitlab:8.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.4::~~community~~~ cpe:/a:gitlab:gitlab:8.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.5::~~community~~~ cpe:/a:gitlab:gitlab:8.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.6::~~community~~~ cpe:/a:gitlab:gitlab:8.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.7::~~community~~~ cpe:/a:gitlab:gitlab:8.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.8::~~community~~~ cpe:/a:gitlab:gitlab:8.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.9::~~community~~~ cpe:/a:gitlab:gitlab:8.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.10::~~community~~~ cpe:/a:gitlab:gitlab:8.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.0::~~community~~~ cpe:/a:gitlab:gitlab:8.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.4.1::~~community~~~ cpe:/a:gitlab:gitlab:8.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.2::~~community~~~ cpe:/a:gitlab:gitlab:8.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.3::~~community~~~ cpe:/a:gitlab:gitlab:8.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.4::~~community~~~ cpe:/a:gitlab:gitlab:8.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.5::~~community~~~ cpe:/a:gitlab:gitlab:8.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.6::~~community~~~ cpe:/a:gitlab:gitlab:8.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.7::~~community~~~ cpe:/a:gitlab:gitlab:8.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.8::~~community~~~ cpe:/a:gitlab:gitlab:8.4.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.9::~~community~~~ cpe:/a:gitlab:gitlab:8.4.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.10::~~community~~~ cpe:/a:gitlab:gitlab:8.4.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.11::~~community~~~ cpe:/a:gitlab:gitlab:8.4.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.0::~~community~~~ cpe:/a:gitlab:gitlab:8.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.5.1::~~community~~~ cpe:/a:gitlab:gitlab:8.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.2::~~community~~~ cpe:/a:gitlab:gitlab:8.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.3::~~community~~~ cpe:/a:gitlab:gitlab:8.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.4::~~community~~~ cpe:/a:gitlab:gitlab:8.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.5:-:~~community~~~ cpe:/a:gitlab:gitlab:8.5.5:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.5.6::~~community~~~ cpe:/a:gitlab:gitlab:8.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.7::~~community~~~ cpe:/a:gitlab:gitlab:8.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.8::~~community~~~ cpe:/a:gitlab:gitlab:8.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.9::~~community~~~ cpe:/a:gitlab:gitlab:8.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.10::~~community~~~ cpe:/a:gitlab:gitlab:8.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.11::~~community~~~ cpe:/a:gitlab:gitlab:8.5.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.12::~~community~~~ cpe:/a:gitlab:gitlab:8.5.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.13::~~community~~~ cpe:/a:gitlab:gitlab:8.5.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.0::~~community~~~ cpe:/a:gitlab:gitlab:8.6.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.6.1::~~community~~~ cpe:/a:gitlab:gitlab:8.6.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.2::~~community~~~ cpe:/a:gitlab:gitlab:8.6.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.3::~~community~~~ cpe:/a:gitlab:gitlab:8.6.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.4::~~community~~~ cpe:/a:gitlab:gitlab:8.6.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.5::~~community~~~ cpe:/a:gitlab:gitlab:8.6.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.6::~~community~~~ cpe:/a:gitlab:gitlab:8.6.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.7::~~community~~~ cpe:/a:gitlab:gitlab:8.6.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.8::~~community~~~ cpe:/a:gitlab:gitlab:8.6.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.9::~~community~~~ cpe:/a:gitlab:gitlab:8.6.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.0::~~community~~~ cpe:/a:gitlab:gitlab:8.7.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.7.1::~~community~~~ cpe:/a:gitlab:gitlab:8.7.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.2::~~community~~~ cpe:/a:gitlab:gitlab:8.7.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.3::~~community~~~ cpe:/a:gitlab:gitlab:8.7.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.4::~~community~~~ cpe:/a:gitlab:gitlab:8.7.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.5::~~community~~~ cpe:/a:gitlab:gitlab:8.7.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.6::~~community~~~ cpe:/a:gitlab:gitlab:8.7.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.7::~~community~~~ cpe:/a:gitlab:gitlab:8.7.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.8::~~community~~~ cpe:/a:gitlab:gitlab:8.7.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.9::~~community~~~ cpe:/a:gitlab:gitlab:8.7.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0::~~community~~~ cpe:/a:gitlab:gitlab:8.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.8.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.2::~~community~~~ cpe:/a:gitlab:gitlab:8.8.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.3::~~community~~~ cpe:/a:gitlab:gitlab:8.8.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.4::~~community~~~ cpe:/a:gitlab:gitlab:8.8.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.5::~~community~~~ cpe:/a:gitlab:gitlab:8.8.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.6::~~community~~~ cpe:/a:gitlab:gitlab:8.8.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.7::~~community~~~ cpe:/a:gitlab:gitlab:8.8.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.8::~~community~~~ cpe:/a:gitlab:gitlab:8.8.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.9::~~community~~~ cpe:/a:gitlab:gitlab:8.8.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.6.0:-:~~community~~~ cpe:/a:gitlab:gitlab:9.6.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0919

2018-07-03T17:29:00.293-04:00

2018-09-04T11:25:04.607-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-08-23T12:13:02.507-04:00

MISC https://hackerone.com/reports/301137 GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

cpe:/a:gitlab:gitlab:8.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.1::~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.2::~~community~~~ cpe:/a:gitlab:gitlab:8.8.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.3::~~community~~~ cpe:/a:gitlab:gitlab:8.8.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.4::~~community~~~ cpe:/a:gitlab:gitlab:8.8.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.5::~~community~~~ cpe:/a:gitlab:gitlab:8.8.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.6::~~community~~~ cpe:/a:gitlab:gitlab:8.8.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.7::~~community~~~ cpe:/a:gitlab:gitlab:8.8.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.8::~~community~~~ cpe:/a:gitlab:gitlab:8.8.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.9::~~community~~~ cpe:/a:gitlab:gitlab:8.8.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.6.0:-:~~community~~~ cpe:/a:gitlab:gitlab:9.6.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0920

2018-03-22T11:29:00.217-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/301336 DEBIAN DSA-4206 GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.

CVE-2017-0921

2018-07-03T17:29:00.340-04:00

2018-09-04T11:30:32.573-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2018-08-23T12:33:02.720-04:00

MISC https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/ GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0922

2018-03-21T16:29:00.527-04:00

2019-10-09T19:21:12.917-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/301123 Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0923

2018-03-21T16:29:00.620-04:00

2019-10-09T19:21:13.040-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/293740 Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0924

2018-03-21T16:29:00.683-04:00

2019-10-09T19:21:13.167-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ MISC https://hackerone.com/reports/294099 Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.

cpe:/a:gitlab:gitlab:8.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.0.1::~~community~~~ cpe:/a:gitlab:gitlab:8.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.2::~~community~~~ cpe:/a:gitlab:gitlab:8.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.3::~~community~~~ cpe:/a:gitlab:gitlab:8.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.4::~~community~~~ cpe:/a:gitlab:gitlab:8.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.5::~~community~~~ cpe:/a:gitlab:gitlab:8.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.1.1::~~community~~~ cpe:/a:gitlab:gitlab:8.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.2::~~community~~~ cpe:/a:gitlab:gitlab:8.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.3::~~community~~~ cpe:/a:gitlab:gitlab:8.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.1.4::~~community~~~ cpe:/a:gitlab:gitlab:8.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.0::~~community~~~ cpe:/a:gitlab:gitlab:8.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.2.1::~~community~~~ cpe:/a:gitlab:gitlab:8.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.2::~~community~~~ cpe:/a:gitlab:gitlab:8.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.3::~~community~~~ cpe:/a:gitlab:gitlab:8.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.4::~~community~~~ cpe:/a:gitlab:gitlab:8.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.5::~~community~~~ cpe:/a:gitlab:gitlab:8.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.2.6::~~community~~~ cpe:/a:gitlab:gitlab:8.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.0::~~community~~~ cpe:/a:gitlab:gitlab:8.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.3.1::~~community~~~ cpe:/a:gitlab:gitlab:8.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.2::~~community~~~ cpe:/a:gitlab:gitlab:8.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.3::~~community~~~ cpe:/a:gitlab:gitlab:8.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.4::~~community~~~ cpe:/a:gitlab:gitlab:8.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.5::~~community~~~ cpe:/a:gitlab:gitlab:8.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.6::~~community~~~ cpe:/a:gitlab:gitlab:8.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.7::~~community~~~ cpe:/a:gitlab:gitlab:8.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.8::~~community~~~ cpe:/a:gitlab:gitlab:8.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.9::~~community~~~ cpe:/a:gitlab:gitlab:8.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.3.10::~~community~~~ cpe:/a:gitlab:gitlab:8.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.0::~~community~~~ cpe:/a:gitlab:gitlab:8.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.4.1::~~community~~~ cpe:/a:gitlab:gitlab:8.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.2::~~community~~~ cpe:/a:gitlab:gitlab:8.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.3::~~community~~~ cpe:/a:gitlab:gitlab:8.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.4::~~community~~~ cpe:/a:gitlab:gitlab:8.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.5::~~community~~~ cpe:/a:gitlab:gitlab:8.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.6::~~community~~~ cpe:/a:gitlab:gitlab:8.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.7::~~community~~~ cpe:/a:gitlab:gitlab:8.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.8::~~community~~~ cpe:/a:gitlab:gitlab:8.4.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.9::~~community~~~ cpe:/a:gitlab:gitlab:8.4.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.10::~~community~~~ cpe:/a:gitlab:gitlab:8.4.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.4.11::~~community~~~ cpe:/a:gitlab:gitlab:8.4.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.0::~~community~~~ cpe:/a:gitlab:gitlab:8.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.5.1::~~community~~~ cpe:/a:gitlab:gitlab:8.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.2::~~community~~~ cpe:/a:gitlab:gitlab:8.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.3::~~community~~~ cpe:/a:gitlab:gitlab:8.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.4::~~community~~~ cpe:/a:gitlab:gitlab:8.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.5:-:~~community~~~ cpe:/a:gitlab:gitlab:8.5.5:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.5.6::~~community~~~ cpe:/a:gitlab:gitlab:8.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.7::~~community~~~ cpe:/a:gitlab:gitlab:8.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.8::~~community~~~ cpe:/a:gitlab:gitlab:8.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.9::~~community~~~ cpe:/a:gitlab:gitlab:8.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.10::~~community~~~ cpe:/a:gitlab:gitlab:8.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.11::~~community~~~ cpe:/a:gitlab:gitlab:8.5.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.12::~~community~~~ cpe:/a:gitlab:gitlab:8.5.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.5.13::~~community~~~ cpe:/a:gitlab:gitlab:8.5.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.0::~~community~~~ cpe:/a:gitlab:gitlab:8.6.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.6.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.6.1::~~community~~~ cpe:/a:gitlab:gitlab:8.6.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.2::~~community~~~ cpe:/a:gitlab:gitlab:8.6.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.3::~~community~~~ cpe:/a:gitlab:gitlab:8.6.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.4::~~community~~~ cpe:/a:gitlab:gitlab:8.6.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.5::~~community~~~ cpe:/a:gitlab:gitlab:8.6.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.6::~~community~~~ cpe:/a:gitlab:gitlab:8.6.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.7::~~community~~~ cpe:/a:gitlab:gitlab:8.6.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.8::~~community~~~ cpe:/a:gitlab:gitlab:8.6.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.6.9::~~community~~~ cpe:/a:gitlab:gitlab:8.6.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.0::~~community~~~ cpe:/a:gitlab:gitlab:8.7.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.7.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.7.1::~~community~~~ cpe:/a:gitlab:gitlab:8.7.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.2::~~community~~~ cpe:/a:gitlab:gitlab:8.7.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.3::~~community~~~ cpe:/a:gitlab:gitlab:8.7.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.4::~~community~~~ cpe:/a:gitlab:gitlab:8.7.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.5::~~community~~~ cpe:/a:gitlab:gitlab:8.7.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.6::~~community~~~ cpe:/a:gitlab:gitlab:8.7.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.7::~~community~~~ cpe:/a:gitlab:gitlab:8.7.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.8::~~community~~~ cpe:/a:gitlab:gitlab:8.7.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.7.9::~~community~~~ cpe:/a:gitlab:gitlab:8.7.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0::~~community~~~ cpe:/a:gitlab:gitlab:8.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.8.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.2::~~community~~~ cpe:/a:gitlab:gitlab:8.8.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.3::~~community~~~ cpe:/a:gitlab:gitlab:8.8.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.4::~~community~~~ cpe:/a:gitlab:gitlab:8.8.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.5::~~community~~~ cpe:/a:gitlab:gitlab:8.8.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.6::~~community~~~ cpe:/a:gitlab:gitlab:8.8.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.7::~~community~~~ cpe:/a:gitlab:gitlab:8.8.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.8::~~community~~~ cpe:/a:gitlab:gitlab:8.8.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.9::~~community~~~ cpe:/a:gitlab:gitlab:8.8.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~ cpe:/o:debian:debian_linux:9.0

CVE-2017-0925

2018-03-21T16:29:00.747-04:00

2019-10-09T19:21:13.290-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CONFIRM https://gitlab.com/gitlab-org/gitlab-ee/issues/3847 DEBIAN DSA-4145 Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

cpe:/a:gitlab:gitlab:8.8.0::~~community~~~ cpe:/a:gitlab:gitlab:8.8.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.8.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~community~~~ cpe:/a:gitlab:gitlab:8.8.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.2::~~community~~~ cpe:/a:gitlab:gitlab:8.8.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.3::~~community~~~ cpe:/a:gitlab:gitlab:8.8.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.4::~~community~~~ cpe:/a:gitlab:gitlab:8.8.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.5::~~community~~~ cpe:/a:gitlab:gitlab:8.8.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.6::~~community~~~ cpe:/a:gitlab:gitlab:8.8.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.7::~~community~~~ cpe:/a:gitlab:gitlab:8.8.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.8::~~community~~~ cpe:/a:gitlab:gitlab:8.8.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.8.9::~~community~~~ cpe:/a:gitlab:gitlab:8.8.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0::~~community~~~ cpe:/a:gitlab:gitlab:8.9.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.9.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~community~~~ cpe:/a:gitlab:gitlab:8.9.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.2::~~community~~~ cpe:/a:gitlab:gitlab:8.9.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.3::~~community~~~ cpe:/a:gitlab:gitlab:8.9.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.4::~~community~~~ cpe:/a:gitlab:gitlab:8.9.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.5::~~community~~~ cpe:/a:gitlab:gitlab:8.9.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.6::~~community~~~ cpe:/a:gitlab:gitlab:8.9.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.7::~~community~~~ cpe:/a:gitlab:gitlab:8.9.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.8::~~community~~~ cpe:/a:gitlab:gitlab:8.9.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.9::~~community~~~ cpe:/a:gitlab:gitlab:8.9.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.10::~~community~~~ cpe:/a:gitlab:gitlab:8.9.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.9.11::~~community~~~ cpe:/a:gitlab:gitlab:8.9.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0::~~community~~~ cpe:/a:gitlab:gitlab:8.10.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc10:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc11:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc12:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc13:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:8.10.0:rc9:~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~community~~~ cpe:/a:gitlab:gitlab:8.10.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.2::~~community~~~ cpe:/a:gitlab:gitlab:8.10.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.3::~~community~~~ cpe:/a:gitlab:gitlab:8.10.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.4::~~community~~~ cpe:/a:gitlab:gitlab:8.10.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.5::~~community~~~ cpe:/a:gitlab:gitlab:8.10.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.6::~~community~~~ cpe:/a:gitlab:gitlab:8.10.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.7::~~community~~~ cpe:/a:gitlab:gitlab:8.10.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.8::~~community~~~ cpe:/a:gitlab:gitlab:8.10.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.9::~~community~~~ cpe:/a:gitlab:gitlab:8.10.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.10::~~community~~~ cpe:/a:gitlab:gitlab:8.10.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.11::~~community~~~ cpe:/a:gitlab:gitlab:8.10.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.12::~~community~~~ cpe:/a:gitlab:gitlab:8.10.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.10.13::~~community~~~ cpe:/a:gitlab:gitlab:8.10.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0::~~community~~~ cpe:/a:gitlab:gitlab:8.11.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.11.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~community~~~ cpe:/a:gitlab:gitlab:8.11.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.2::~~community~~~ cpe:/a:gitlab:gitlab:8.11.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.3::~~community~~~ cpe:/a:gitlab:gitlab:8.11.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.4::~~community~~~ cpe:/a:gitlab:gitlab:8.11.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.5::~~community~~~ cpe:/a:gitlab:gitlab:8.11.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.6::~~community~~~ cpe:/a:gitlab:gitlab:8.11.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.7::~~community~~~ cpe:/a:gitlab:gitlab:8.11.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.8::~~community~~~ cpe:/a:gitlab:gitlab:8.11.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.9::~~community~~~ cpe:/a:gitlab:gitlab:8.11.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.10::~~community~~~ cpe:/a:gitlab:gitlab:8.11.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.11.11::~~community~~~ cpe:/a:gitlab:gitlab:8.11.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0::~~community~~~ cpe:/a:gitlab:gitlab:8.12.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.12.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~community~~~ cpe:/a:gitlab:gitlab:8.12.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.2::~~community~~~ cpe:/a:gitlab:gitlab:8.12.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.3::~~community~~~ cpe:/a:gitlab:gitlab:8.12.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.4::~~community~~~ cpe:/a:gitlab:gitlab:8.12.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.5::~~community~~~ cpe:/a:gitlab:gitlab:8.12.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.6::~~community~~~ cpe:/a:gitlab:gitlab:8.12.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.7::~~community~~~ cpe:/a:gitlab:gitlab:8.12.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.8::~~community~~~ cpe:/a:gitlab:gitlab:8.12.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.9::~~community~~~ cpe:/a:gitlab:gitlab:8.12.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.10::~~community~~~ cpe:/a:gitlab:gitlab:8.12.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.11::~~community~~~ cpe:/a:gitlab:gitlab:8.12.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.12::~~community~~~ cpe:/a:gitlab:gitlab:8.12.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.12.13::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~community~~~ cpe:/a:gitlab:gitlab:8.13.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.13.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~community~~~ cpe:/a:gitlab:gitlab:8.13.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.2::~~community~~~ cpe:/a:gitlab:gitlab:8.13.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.3::~~community~~~ cpe:/a:gitlab:gitlab:8.13.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.4::~~community~~~ cpe:/a:gitlab:gitlab:8.13.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.5::~~community~~~ cpe:/a:gitlab:gitlab:8.13.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.6::~~community~~~ cpe:/a:gitlab:gitlab:8.13.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.7::~~community~~~ cpe:/a:gitlab:gitlab:8.13.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.8::~~community~~~ cpe:/a:gitlab:gitlab:8.13.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.9::~~community~~~ cpe:/a:gitlab:gitlab:8.13.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.10::~~community~~~ cpe:/a:gitlab:gitlab:8.13.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.11::~~community~~~ cpe:/a:gitlab:gitlab:8.13.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.13.12::~~community~~~ cpe:/a:gitlab:gitlab:8.13.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0::~~community~~~ cpe:/a:gitlab:gitlab:8.14.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.14.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~community~~~ cpe:/a:gitlab:gitlab:8.14.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.2::~~community~~~ cpe:/a:gitlab:gitlab:8.14.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.3::~~community~~~ cpe:/a:gitlab:gitlab:8.14.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.4::~~community~~~ cpe:/a:gitlab:gitlab:8.14.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.5::~~community~~~ cpe:/a:gitlab:gitlab:8.14.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.6::~~community~~~ cpe:/a:gitlab:gitlab:8.14.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.7::~~community~~~ cpe:/a:gitlab:gitlab:8.14.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.8::~~community~~~ cpe:/a:gitlab:gitlab:8.14.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.9::~~community~~~ cpe:/a:gitlab:gitlab:8.14.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.14.10::~~community~~~ cpe:/a:gitlab:gitlab:8.14.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.0::~~community~~~ cpe:/a:gitlab:gitlab:8.15.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.1::~~community~~~ cpe:/a:gitlab:gitlab:8.15.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.2::~~community~~~ cpe:/a:gitlab:gitlab:8.15.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.3::~~community~~~ cpe:/a:gitlab:gitlab:8.15.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.4::~~community~~~ cpe:/a:gitlab:gitlab:8.15.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.5::~~community~~~ cpe:/a:gitlab:gitlab:8.15.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.6::~~community~~~ cpe:/a:gitlab:gitlab:8.15.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.7::~~community~~~ cpe:/a:gitlab:gitlab:8.15.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.15.8::~~community~~~ cpe:/a:gitlab:gitlab:8.15.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~ cpe:/o:debian:debian_linux:9.0

CVE-2017-0926

2018-03-21T16:29:00.810-04:00

2019-10-09T19:21:13.430-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CONFIRM https://gitlab.com/gitlab-org/gitlab-ce/issues/32198 DEBIAN DSA-4145 Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

cpe:/a:gitlab:gitlab:8.16.0::~~community~~~ cpe:/a:gitlab:gitlab:8.16.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.16.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~community~~~ cpe:/a:gitlab:gitlab:8.16.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.2::~~community~~~ cpe:/a:gitlab:gitlab:8.16.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.3::~~community~~~ cpe:/a:gitlab:gitlab:8.16.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.4::~~community~~~ cpe:/a:gitlab:gitlab:8.16.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.5::~~community~~~ cpe:/a:gitlab:gitlab:8.16.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.6::~~community~~~ cpe:/a:gitlab:gitlab:8.16.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.7::~~community~~~ cpe:/a:gitlab:gitlab:8.16.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.8::~~community~~~ cpe:/a:gitlab:gitlab:8.16.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.16.9::~~community~~~ cpe:/a:gitlab:gitlab:8.16.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0::~~community~~~ cpe:/a:gitlab:gitlab:8.17.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:8.17.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~community~~~ cpe:/a:gitlab:gitlab:8.17.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.2::~~community~~~ cpe:/a:gitlab:gitlab:8.17.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.3::~~community~~~ cpe:/a:gitlab:gitlab:8.17.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.4::~~community~~~ cpe:/a:gitlab:gitlab:8.17.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.5::~~community~~~ cpe:/a:gitlab:gitlab:8.17.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.6::~~community~~~ cpe:/a:gitlab:gitlab:8.17.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.7::~~community~~~ cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.17.8::~~community~~~ cpe:/a:gitlab:gitlab:8.17.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:8.18.0:-:~~community~~~ cpe:/a:gitlab:gitlab:8.18.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~community~~~ cpe:/a:gitlab:gitlab:9.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.0.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~community~~~ cpe:/a:gitlab:gitlab:9.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.2::~~community~~~ cpe:/a:gitlab:gitlab:9.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.3::~~community~~~ cpe:/a:gitlab:gitlab:9.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.4::~~community~~~ cpe:/a:gitlab:gitlab:9.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.5::~~community~~~ cpe:/a:gitlab:gitlab:9.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.6::~~community~~~ cpe:/a:gitlab:gitlab:9.0.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.7::~~community~~~ cpe:/a:gitlab:gitlab:9.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.8::~~community~~~ cpe:/a:gitlab:gitlab:9.0.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.9::~~community~~~ cpe:/a:gitlab:gitlab:9.0.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.10::~~community~~~ cpe:/a:gitlab:gitlab:9.0.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.11::~~community~~~ cpe:/a:gitlab:gitlab:9.0.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.12::~~community~~~ cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.0.13::~~community~~~ cpe:/a:gitlab:gitlab:9.0.13::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0::~~community~~~ cpe:/a:gitlab:gitlab:9.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.1.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~community~~~ cpe:/a:gitlab:gitlab:9.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.2::~~community~~~ cpe:/a:gitlab:gitlab:9.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.3::~~community~~~ cpe:/a:gitlab:gitlab:9.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.4::~~community~~~ cpe:/a:gitlab:gitlab:9.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.5::~~community~~~ cpe:/a:gitlab:gitlab:9.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.6::~~community~~~ cpe:/a:gitlab:gitlab:9.1.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.7::~~community~~~ cpe:/a:gitlab:gitlab:9.1.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.8::~~community~~~ cpe:/a:gitlab:gitlab:9.1.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.9::~~community~~~ cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.1.10::~~community~~~ cpe:/a:gitlab:gitlab:9.1.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0::~~community~~~ cpe:/a:gitlab:gitlab:9.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.2.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~community~~~ cpe:/a:gitlab:gitlab:9.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.2::~~community~~~ cpe:/a:gitlab:gitlab:9.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.3::~~community~~~ cpe:/a:gitlab:gitlab:9.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.4::~~community~~~ cpe:/a:gitlab:gitlab:9.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.5::~~community~~~ cpe:/a:gitlab:gitlab:9.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.6::~~community~~~ cpe:/a:gitlab:gitlab:9.2.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.7::~~community~~~ cpe:/a:gitlab:gitlab:9.2.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.8::~~community~~~ cpe:/a:gitlab:gitlab:9.2.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.9::~~community~~~ cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.2.10::~~community~~~ cpe:/a:gitlab:gitlab:9.2.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0::~~community~~~ cpe:/a:gitlab:gitlab:9.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.3.0:rc7:~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~community~~~ cpe:/a:gitlab:gitlab:9.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.2::~~community~~~ cpe:/a:gitlab:gitlab:9.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.3::~~community~~~ cpe:/a:gitlab:gitlab:9.3.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.4::~~community~~~ cpe:/a:gitlab:gitlab:9.3.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.5::~~community~~~ cpe:/a:gitlab:gitlab:9.3.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.6::~~community~~~ cpe:/a:gitlab:gitlab:9.3.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.7::~~community~~~ cpe:/a:gitlab:gitlab:9.3.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.8::~~community~~~ cpe:/a:gitlab:gitlab:9.3.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.9::~~community~~~ cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.10::~~community~~~ cpe:/a:gitlab:gitlab:9.3.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.3.11::~~community~~~ cpe:/a:gitlab:gitlab:9.3.11::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0::~~community~~~ cpe:/a:gitlab:gitlab:9.4.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.4.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~community~~~ cpe:/a:gitlab:gitlab:9.4.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.2::~~community~~~ cpe:/a:gitlab:gitlab:9.4.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.3::~~community~~~ cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.4::~~community~~~ cpe:/a:gitlab:gitlab:9.4.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.5::~~community~~~ cpe:/a:gitlab:gitlab:9.4.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.6::~~community~~~ cpe:/a:gitlab:gitlab:9.4.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.4.7::~~community~~~ cpe:/a:gitlab:gitlab:9.4.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0::~~community~~~ cpe:/a:gitlab:gitlab:9.5.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:9.5.0:rc8:~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~community~~~ cpe:/a:gitlab:gitlab:9.5.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.2::~~community~~~ cpe:/a:gitlab:gitlab:9.5.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.3::~~community~~~ cpe:/a:gitlab:gitlab:9.5.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.4::~~community~~~ cpe:/a:gitlab:gitlab:9.5.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.5::~~community~~~ cpe:/a:gitlab:gitlab:9.5.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.6::~~community~~~ cpe:/a:gitlab:gitlab:9.5.6::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.7::~~community~~~ cpe:/a:gitlab:gitlab:9.5.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.8::~~community~~~ cpe:/a:gitlab:gitlab:9.5.8::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.9::~~community~~~ cpe:/a:gitlab:gitlab:9.5.9::~~enterprise~~~ cpe:/a:gitlab:gitlab:9.5.10::~~community~~~ cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0::~~community~~~ cpe:/a:gitlab:gitlab:10.0.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.0.0:rc6:~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~community~~~ cpe:/a:gitlab:gitlab:10.0.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.2::~~community~~~ cpe:/a:gitlab:gitlab:10.0.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.3::~~community~~~ cpe:/a:gitlab:gitlab:10.0.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.4::~~community~~~ cpe:/a:gitlab:gitlab:10.0.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.5::~~community~~~ cpe:/a:gitlab:gitlab:10.0.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.0.6::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~community~~~ cpe:/a:gitlab:gitlab:10.0.7::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0::~~community~~~ cpe:/a:gitlab:gitlab:10.1.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.1.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~community~~~ cpe:/a:gitlab:gitlab:10.1.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.2::~~community~~~ cpe:/a:gitlab:gitlab:10.1.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.3::~~community~~~ cpe:/a:gitlab:gitlab:10.1.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.4::~~community~~~ cpe:/a:gitlab:gitlab:10.1.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.1.5::~~community~~~ cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0::~~community~~~ cpe:/a:gitlab:gitlab:10.2.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.2.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~community~~~ cpe:/a:gitlab:gitlab:10.2.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.2::~~community~~~ cpe:/a:gitlab:gitlab:10.2.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.3::~~community~~~ cpe:/a:gitlab:gitlab:10.2.3::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.4::~~community~~~ cpe:/a:gitlab:gitlab:10.2.4::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.2.5::~~community~~~ cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0::~~community~~~ cpe:/a:gitlab:gitlab:10.3.0::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.0:pre:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc1:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc2:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc3:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc4:~~community~~~ cpe:/a:gitlab:gitlab:10.3.0:rc5:~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~community~~~ cpe:/a:gitlab:gitlab:10.3.1::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.2::~~community~~~ cpe:/a:gitlab:gitlab:10.3.2::~~enterprise~~~ cpe:/a:gitlab:gitlab:10.3.3::~~community~~~ cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~

CVE-2017-0927

2018-03-21T16:29:00.857-04:00

2019-10-09T19:21:13.557-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CONFIRM https://gitlab.com/gitlab-org/gitlab-ce/issues/37594 Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

cpe:/a:theguardian:html-janitor:2.0.2::~~~node.js~~

CVE-2017-0928

2018-06-04T15:29:00.380-04:00

2019-10-09T19:21:13.680-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://github.com/guardian/html-janitor/issues/35 MISC https://hackerone.com/reports/308158 html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

cpe:/a:dnnsoftware:dotnetnuke:7.1.2.164 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.165 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.166 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.167 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.168 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.169 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.170 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.171 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.172 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.173 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.174 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.175 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.176 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.177 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.178 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.179 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.180 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.181 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.182 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.183 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.184 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.185 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.186 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.187 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.188 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.189 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.190 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.191 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.192 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.193 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.194 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.195 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.196 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.197 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.198 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.199 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.200 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.201 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.202 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.203 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.204 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.205 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.206 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.207 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.208 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.209 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.210 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.211 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.212 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.213 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.214 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.215 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.216 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.217 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.218 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.219 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.220 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.221 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.222 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.223 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.224 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.225 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.226 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.227 cpe:/a:dnnsoftware:dotnetnuke:7.1.2.228 cpe:/a:dnnsoftware:dotnetnuke:7.2.0.607 cpe:/a:dnnsoftware:dotnetnuke:7.2.1.367 cpe:/a:dnnsoftware:dotnetnuke:7.3.0.499 cpe:/a:dnnsoftware:dotnetnuke:7.3.1.20 cpe:/a:dnnsoftware:dotnetnuke:7.3.2.109 cpe:/a:dnnsoftware:dotnetnuke:7.3.3.118 cpe:/a:dnnsoftware:dotnetnuke:7.3.4.45 cpe:/a:dnnsoftware:dotnetnuke:7.4.0.353 cpe:/a:dnnsoftware:dotnetnuke:7.5.0.875:alpha cpe:/a:dnnsoftware:dotnetnuke:7.5.0.885:alpha cpe:/a:dnnsoftware:dotnetnuke:8.0.0 cpe:/a:dnnsoftware:dotnetnuke:8.0.1 cpe:/a:dnnsoftware:dotnetnuke:8.0.2 cpe:/a:dnnsoftware:dotnetnuke:8.0.3 cpe:/a:dnnsoftware:dotnetnuke:8.0.4 cpe:/a:dnnsoftware:dotnetnuke:9.0.0 cpe:/a:dnnsoftware:dotnetnuke:9.0.1 cpe:/a:dnnsoftware:dotnetnuke:9.0.2 cpe:/a:dnnsoftware:dotnetnuke:9.1.0 cpe:/a:dnnsoftware:dotnetnuke:9.1.1 cpe:/a:dnnsoftware:dotnetnuke:9.2

CVE-2017-0929

2018-07-03T17:29:00.370-04:00

2018-09-04T11:31:06.870-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-08-22T16:36:01.107-04:00

MISC https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3 DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.

cpe:/a:augustine_project:augustine:0.2.3::~~~node.js~~

CVE-2017-0930

2018-06-04T15:29:00.427-04:00

2019-10-09T19:21:13.820-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov MISC https://hackerone.com/reports/296282 augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

cpe:/a:theguardian:html-janitor:2.0.2::~~~node.js~~

CVE-2017-0931

2018-06-04T15:29:00.477-04:00

2019-10-09T19:21:13.947-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://github.com/guardian/html-janitor/issues/34 MISC https://hackerone.com/reports/308155 html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.

cpe:/o:ubnt:edgeos:1.9.1.1

CVE-2017-0932

2018-03-22T10:29:00.223-04:00

2019-10-09T19:21:14.057-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CONFIRM https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117 MISC https://hackerone.com/reports/239719 Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.

cpe:/o:ubnt:edgeos:1.9.1

CVE-2017-0933

2018-03-22T10:29:00.287-04:00

2019-10-09T19:21:14.197-04:00

8.5

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CONFIRM https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524 MISC https://hackerone.com/reports/240098 Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.

cpe:/o:ubnt:edgeos:1.9.1

CVE-2017-0934

2018-03-22T10:29:00.347-04:00

2019-10-09T19:21:14.307-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CONFIRM https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524 MISC https://hackerone.com/reports/241044 Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.

cpe:/o:ubnt:edgeos:1.9.1.1

CVE-2017-0935

2018-03-22T10:29:00.427-04:00

2019-10-09T19:21:14.417-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CONFIRM https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117 MISC https://hackerone.com/reports/242407 Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.

cpe:/a:nextcloud:nextcloud_server:1.0:rc1 cpe:/a:nextcloud:nextcloud_server:1.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:1.1 cpe:/a:nextcloud:nextcloud_server:2.0:beta3 cpe:/a:nextcloud:nextcloud_server:3.0 cpe:/a:nextcloud:nextcloud_server:3.0:alpha1 cpe:/a:nextcloud:nextcloud_server:3.0:rc1 cpe:/a:nextcloud:nextcloud_server:3.0.1 cpe:/a:nextcloud:nextcloud_server:4.0.0:beta cpe:/a:nextcloud:nextcloud_server:4.0.0:rc cpe:/a:nextcloud:nextcloud_server:4.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:4.0.1 cpe:/a:nextcloud:nextcloud_server:4.0.2 cpe:/a:nextcloud:nextcloud_server:4.0.3 cpe:/a:nextcloud:nextcloud_server:4.0.4 cpe:/a:nextcloud:nextcloud_server:4.0.5 cpe:/a:nextcloud:nextcloud_server:4.0.6 cpe:/a:nextcloud:nextcloud_server:4.0.7 cpe:/a:nextcloud:nextcloud_server:4.0.8 cpe:/a:nextcloud:nextcloud_server:4.0.9 cpe:/a:nextcloud:nextcloud_server:4.0.10 cpe:/a:nextcloud:nextcloud_server:4.0.11 cpe:/a:nextcloud:nextcloud_server:4.0.12 cpe:/a:nextcloud:nextcloud_server:4.0.13 cpe:/a:nextcloud:nextcloud_server:4.0.14 cpe:/a:nextcloud:nextcloud_server:4.0.15 cpe:/a:nextcloud:nextcloud_server:4.0.16 cpe:/a:nextcloud:nextcloud_server:4.5.0 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta1 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta2 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta3 cpe:/a:nextcloud:nextcloud_server:4.5.0:beta4 cpe:/a:nextcloud:nextcloud_server:4.5.0:rc1 cpe:/a:nextcloud:nextcloud_server:4.5.0:rc2 cpe:/a:nextcloud:nextcloud_server:4.5.0:rc3 cpe:/a:nextcloud:nextcloud_server:4.5.1 cpe:/a:nextcloud:nextcloud_server:4.5.1:alpha cpe:/a:nextcloud:nextcloud_server:4.5.2 cpe:/a:nextcloud:nextcloud_server:4.5.3 cpe:/a:nextcloud:nextcloud_server:4.5.4 cpe:/a:nextcloud:nextcloud_server:4.5.5 cpe:/a:nextcloud:nextcloud_server:4.5.6 cpe:/a:nextcloud:nextcloud_server:4.5.7 cpe:/a:nextcloud:nextcloud_server:4.5.8 cpe:/a:nextcloud:nextcloud_server:4.5.9 cpe:/a:nextcloud:nextcloud_server:4.5.10 cpe:/a:nextcloud:nextcloud_server:4.5.10:rc1 cpe:/a:nextcloud:nextcloud_server:4.5.11 cpe:/a:nextcloud:nextcloud_server:4.5.12 cpe:/a:nextcloud:nextcloud_server:4.5.13 cpe:/a:nextcloud:nextcloud_server:5.0.0 cpe:/a:nextcloud:nextcloud_server:5.0.0:alpha1 cpe:/a:nextcloud:nextcloud_server:5.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:5.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:5.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:5.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:5.0.1 cpe:/a:nextcloud:nextcloud_server:5.0.2 cpe:/a:nextcloud:nextcloud_server:5.0.3 cpe:/a:nextcloud:nextcloud_server:5.0.4 cpe:/a:nextcloud:nextcloud_server:5.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.5 cpe:/a:nextcloud:nextcloud_server:5.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.6 cpe:/a:nextcloud:nextcloud_server:5.0.7 cpe:/a:nextcloud:nextcloud_server:5.0.8 cpe:/a:nextcloud:nextcloud_server:5.0.9 cpe:/a:nextcloud:nextcloud_server:5.0.10 cpe:/a:nextcloud:nextcloud_server:5.0.11 cpe:/a:nextcloud:nextcloud_server:5.0.12 cpe:/a:nextcloud:nextcloud_server:5.0.13 cpe:/a:nextcloud:nextcloud_server:5.0.14 cpe:/a:nextcloud:nextcloud_server:5.0.14:alpha cpe:/a:nextcloud:nextcloud_server:5.0.15 cpe:/a:nextcloud:nextcloud_server:5.0.15:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.16 cpe:/a:nextcloud:nextcloud_server:5.0.16:rc1 cpe:/a:nextcloud:nextcloud_server:5.0.17 cpe:/a:nextcloud:nextcloud_server:5.0.17:beta1 cpe:/a:nextcloud:nextcloud_server:5.0.19 cpe:/a:nextcloud:nextcloud_server:6.0.0 cpe:/a:nextcloud:nextcloud_server:6.0.0:alpha cpe:/a:nextcloud:nextcloud_server:6.0.0:alpha2 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta3 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta4 cpe:/a:nextcloud:nextcloud_server:6.0.0:beta5 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:6.0.0:rc4 cpe:/a:nextcloud:nextcloud_server:6.0.1 cpe:/a:nextcloud:nextcloud_server:6.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.2 cpe:/a:nextcloud:nextcloud_server:6.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.3 cpe:/a:nextcloud:nextcloud_server:6.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.4 cpe:/a:nextcloud:nextcloud_server:6.0.4:beta1 cpe:/a:nextcloud:nextcloud_server:6.0.5 cpe:/a:nextcloud:nextcloud_server:6.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.6 cpe:/a:nextcloud:nextcloud_server:6.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.7 cpe:/a:nextcloud:nextcloud_server:6.0.8 cpe:/a:nextcloud:nextcloud_server:6.0.8:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.8:rc2 cpe:/a:nextcloud:nextcloud_server:6.0.9 cpe:/a:nextcloud:nextcloud_server:6.0.9:beta cpe:/a:nextcloud:nextcloud_server:6.0.9:rc1 cpe:/a:nextcloud:nextcloud_server:6.0.10:beta1 cpe:/a:nextcloud:nextcloud_server:7.0.0 cpe:/a:nextcloud:nextcloud_server:7.0.0:alpha2 cpe:/a:nextcloud:nextcloud_server:7.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:7.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:7.0.1 cpe:/a:nextcloud:nextcloud_server:7.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.2 cpe:/a:nextcloud:nextcloud_server:7.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.3 cpe:/a:nextcloud:nextcloud_server:7.0.3:alpha1 cpe:/a:nextcloud:nextcloud_server:7.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.3:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.3:rc3 cpe:/a:nextcloud:nextcloud_server:7.0.4 cpe:/a:nextcloud:nextcloud_server:7.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.4:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.5 cpe:/a:nextcloud:nextcloud_server:7.0.6 cpe:/a:nextcloud:nextcloud_server:7.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.6:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.7 cpe:/a:nextcloud:nextcloud_server:7.0.7:beta cpe:/a:nextcloud:nextcloud_server:7.0.7:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.8 cpe:/a:nextcloud:nextcloud_server:7.0.8:beta1 cpe:/a:nextcloud:nextcloud_server:7.0.8:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.9 cpe:/a:nextcloud:nextcloud_server:7.0.9:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.10 cpe:/a:nextcloud:nextcloud_server:7.0.11 cpe:/a:nextcloud:nextcloud_server:7.0.11:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.11:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.12 cpe:/a:nextcloud:nextcloud_server:7.0.12:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.13 cpe:/a:nextcloud:nextcloud_server:7.0.13:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.13:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.14 cpe:/a:nextcloud:nextcloud_server:7.0.14:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.14:rc2 cpe:/a:nextcloud:nextcloud_server:7.0.15 cpe:/a:nextcloud:nextcloud_server:7.0.15:rc1 cpe:/a:nextcloud:nextcloud_server:7.0.15:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.0 cpe:/a:nextcloud:nextcloud_server:8.0.0:alpha1 cpe:/a:nextcloud:nextcloud_server:8.0.0:alpha2 cpe:/a:nextcloud:nextcloud_server:8.0.0:beta1 cpe:/a:nextcloud:nextcloud_server:8.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:8.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.1 cpe:/a:nextcloud:nextcloud_server:8.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.2 cpe:/a:nextcloud:nextcloud_server:8.0.3 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc3 cpe:/a:nextcloud:nextcloud_server:8.0.3:rc4 cpe:/a:nextcloud:nextcloud_server:8.0.4 cpe:/a:nextcloud:nextcloud_server:8.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.4:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.5 cpe:/a:nextcloud:nextcloud_server:8.0.5:beta cpe:/a:nextcloud:nextcloud_server:8.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.6 cpe:/a:nextcloud:nextcloud_server:8.0.6:beta1 cpe:/a:nextcloud:nextcloud_server:8.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.7 cpe:/a:nextcloud:nextcloud_server:8.0.7:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.8 cpe:/a:nextcloud:nextcloud_server:8.0.9 cpe:/a:nextcloud:nextcloud_server:8.0.9:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.9:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.10 cpe:/a:nextcloud:nextcloud_server:8.0.10:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.11 cpe:/a:nextcloud:nextcloud_server:8.0.11:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.11:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.12 cpe:/a:nextcloud:nextcloud_server:8.0.12:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.12:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.13 cpe:/a:nextcloud:nextcloud_server:8.0.13:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.13:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.14 cpe:/a:nextcloud:nextcloud_server:8.0.14:rc2 cpe:/a:nextcloud:nextcloud_server:8.0.15 cpe:/a:nextcloud:nextcloud_server:8.0.15:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.16 cpe:/a:nextcloud:nextcloud_server:8.0.16:rc1 cpe:/a:nextcloud:nextcloud_server:8.0.16:rc2 cpe:/a:nextcloud:nextcloud_server:8.1:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.0 cpe:/a:nextcloud:nextcloud_server:8.1.0:alpha1 cpe:/a:nextcloud:nextcloud_server:8.1.0:alpha2 cpe:/a:nextcloud:nextcloud_server:8.1.0:beta1 cpe:/a:nextcloud:nextcloud_server:8.1.0:beta2 cpe:/a:nextcloud:nextcloud_server:8.1.1 cpe:/a:nextcloud:nextcloud_server:8.1.1:beta cpe:/a:nextcloud:nextcloud_server:8.1.1:beta1 cpe:/a:nextcloud:nextcloud_server:8.1.1:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.2 cpe:/a:nextcloud:nextcloud_server:8.1.2:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.3 cpe:/a:nextcloud:nextcloud_server:8.1.4 cpe:/a:nextcloud:nextcloud_server:8.1.4:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.4:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.5 cpe:/a:nextcloud:nextcloud_server:8.1.5:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.6 cpe:/a:nextcloud:nextcloud_server:8.1.6:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.6:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.7 cpe:/a:nextcloud:nextcloud_server:8.1.7:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.7:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.8 cpe:/a:nextcloud:nextcloud_server:8.1.8:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.8:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.9 cpe:/a:nextcloud:nextcloud_server:8.1.9:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.9:rc2 cpe:/a:nextcloud:nextcloud_server:8.1.10 cpe:/a:nextcloud:nextcloud_server:8.1.10:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.11 cpe:/a:nextcloud:nextcloud_server:8.1.11:rc1 cpe:/a:nextcloud:nextcloud_server:8.1.11:rc2 cpe:/a:nextcloud:nextcloud_server:8.2:beta1 cpe:/a:nextcloud:nextcloud_server:8.2:rc1 cpe:/a:nextcloud:nextcloud_server:8.2:rc2 cpe:/a:nextcloud:nextcloud_server:8.2:rc3 cpe:/a:nextcloud:nextcloud_server:8.2.0 cpe:/a:nextcloud:nextcloud_server:8.2.1 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc3 cpe:/a:nextcloud:nextcloud_server:8.2.1:rc4 cpe:/a:nextcloud:nextcloud_server:8.2.2 cpe:/a:nextcloud:nextcloud_server:8.2.2:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.3 cpe:/a:nextcloud:nextcloud_server:8.2.3:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.3:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.4 cpe:/a:nextcloud:nextcloud_server:8.2.4:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.4:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.5 cpe:/a:nextcloud:nextcloud_server:8.2.5:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.5:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.6 cpe:/a:nextcloud:nextcloud_server:8.2.6:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.7 cpe:/a:nextcloud:nextcloud_server:8.2.7:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.8 cpe:/a:nextcloud:nextcloud_server:8.2.8:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.8:rc2 cpe:/a:nextcloud:nextcloud_server:8.2.9 cpe:/a:nextcloud:nextcloud_server:8.2.9:rc1 cpe:/a:nextcloud:nextcloud_server:8.2.9:rc2 cpe:/a:nextcloud:nextcloud_server:9.0:beta1 cpe:/a:nextcloud:nextcloud_server:9.0.0 cpe:/a:nextcloud:nextcloud_server:9.0.0:beta2 cpe:/a:nextcloud:nextcloud_server:9.0.0:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.0:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.0:rc3 cpe:/a:nextcloud:nextcloud_server:9.0.1 cpe:/a:nextcloud:nextcloud_server:9.0.1:beta cpe:/a:nextcloud:nextcloud_server:9.0.1:beta2 cpe:/a:nextcloud:nextcloud_server:9.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.1:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.2 cpe:/a:nextcloud:nextcloud_server:9.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.2:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.3 cpe:/a:nextcloud:nextcloud_server:9.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.4 cpe:/a:nextcloud:nextcloud_server:9.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.5 cpe:/a:nextcloud:nextcloud_server:9.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.5:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.6 cpe:/a:nextcloud:nextcloud_server:9.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.6:rc2 cpe:/a:nextcloud:nextcloud_server:9.0.7 cpe:/a:nextcloud:nextcloud_server:9.0.7:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.50 cpe:/a:nextcloud:nextcloud_server:9.0.51 cpe:/a:nextcloud:nextcloud_server:9.0.52 cpe:/a:nextcloud:nextcloud_server:9.0.52:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.53 cpe:/a:nextcloud:nextcloud_server:9.0.54 cpe:/a:nextcloud:nextcloud_server:9.0.54:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.55 cpe:/a:nextcloud:nextcloud_server:9.0.56 cpe:/a:nextcloud:nextcloud_server:9.0.56:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.57 cpe:/a:nextcloud:nextcloud_server:9.0.57:rc1 cpe:/a:nextcloud:nextcloud_server:9.0.58 cpe:/a:nextcloud:nextcloud_server:9.0.58:rc1 cpe:/a:nextcloud:nextcloud_server:9.1.0 cpe:/a:nextcloud:nextcloud_server:9.1.0:beta1 cpe:/a:nextcloud:nextcloud_server:9.1.0:beta2 cpe:/a:nextcloud:nextcloud_server:9.1.0:rc1 cpe:/a:nextcloud:nextcloud_server:9.1.0:rc2 cpe:/a:nextcloud:nextcloud_server:9.1.0:rc3 cpe:/a:nextcloud:nextcloud_server:9.1.0:rc4 cpe:/a:nextcloud:nextcloud_server:9.1.1 cpe:/a:nextcloud:nextcloud_server:9.1.1:rc1 cpe:/a:nextcloud:nextcloud_server:9.1.1:rc2 cpe:/a:nextcloud:nextcloud_server:9.1.1:rc3 cpe:/a:nextcloud:nextcloud_server:9.1.2 cpe:/a:nextcloud:nextcloud_server:9.1.2:rc1 cpe:/a:nextcloud:nextcloud_server:9.1.2:rc2 cpe:/a:nextcloud:nextcloud_server:9.1.3 cpe:/a:nextcloud:nextcloud_server:9.1.3:rc1 cpe:/a:nextcloud:nextcloud_server:10.0:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.0 cpe:/a:nextcloud:nextcloud_server:10.0.1 cpe:/a:nextcloud:nextcloud_server:10.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.2 cpe:/a:nextcloud:nextcloud_server:10.0.3 cpe:/a:nextcloud:nextcloud_server:10.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.4 cpe:/a:nextcloud:nextcloud_server:10.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.5 cpe:/a:nextcloud:nextcloud_server:10.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:10.0.5:rc2 cpe:/a:nextcloud:nextcloud_server:10.0.6 cpe:/a:nextcloud:nextcloud_server:10.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:11.0:rc2 cpe:/a:nextcloud:nextcloud_server:11.0.0 cpe:/a:nextcloud:nextcloud_server:11.0.1 cpe:/a:nextcloud:nextcloud_server:11.0.1:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.2 cpe:/a:nextcloud:nextcloud_server:11.0.2:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.3 cpe:/a:nextcloud:nextcloud_server:11.0.3:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.3:rc2 cpe:/a:nextcloud:nextcloud_server:11.0.4 cpe:/a:nextcloud:nextcloud_server:11.0.4:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.5 cpe:/a:nextcloud:nextcloud_server:11.0.5:rc1 cpe:/a:nextcloud:nextcloud_server:11.0.6 cpe:/a:nextcloud:nextcloud_server:11.0.6:rc1 cpe:/a:nextcloud:nextcloud_server:12.0.5

CVE-2017-0936

2018-03-28T16:29:00.270-04:00

2019-10-09T19:21:14.523-04:00

4.9

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov MISC https://hackerone.com/reports/297751 CONFIRM https://nextcloud.com/security/advisory/?id=nc-sa-2018-001 Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.

CVE-2017-0938

2019-02-12T17:29:00.267-05:00

2019-10-09T19:21:14.713-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 MISC https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215 MISC https://hackerone.com/reports/221625 Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.

cpe:/a:oracle:hospitality_reporting_and_analytics:8.5.1 cpe:/a:oracle:hospitality_reporting_and_analytics:9.0.0

CVE-2017-10000

2017-08-08T11:29:00.177-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov

2017-08-10T11:14:33.023-04:00

CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html SECTRACK 1038941 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

CVE-2017-1000000

2019-02-19T10:15:08.700-05:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. This issue lacks details and cannot be determined if it is a security issue or not. Notes: none.

cpe:/a:fedoraproject:fedmsg:0.18.1

CVE-2017-1000001

2017-07-17T09:18:15.937-04:00

2017-07-26T14:14:04.910-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-26T09:08:15.737-04:00

CONFIRM https://github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.

cpe:/a:atutor:atutor:2.2.1

CVE-2017-1000002

2017-07-17T09:18:15.970-04:00

2017-07-27T10:31:35.127-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-18T13:44:01.027-04:00

CONFIRM http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 CONFIRM http://www.atutor.ca/atutor/mantis/view.php?id=5681 BID 99599 ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.

cpe:/a:atutor:atutor:2.2.1

CVE-2017-1000003

2017-07-17T09:18:16.000-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-05-03T14:16:52.860-04:00

CONFIRM http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 CONFIRM http://www.atutor.ca/atutor/mantis/view.php?id=5681 BID 99599 ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.

cpe:/a:atutor:atutor:2.2.1

CVE-2017-1000004

2017-07-17T09:18:16.030-04:00

2017-08-04T09:44:08.243-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-21T10:09:17.973-04:00

CONFIRM http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 CONFIRM http://www.atutor.ca/atutor/mantis/view.php?id=5681 BID 99599 ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.

cpe:/a:phpminiadmin_project:phpminiadmin:1.9.160930

CVE-2017-1000005

2017-07-17T09:18:16.063-04:00

2017-07-21T14:52:43.453-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-21T10:14:21.463-04:00

MISC https://github.com/osalabs/phpminiadmin PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data).

cpe:/a:plotly:plotly.js:1.11.0 cpe:/a:plotly:plotly.js:1.12.0 cpe:/a:plotly:plotly.js:1.13.0 cpe:/a:plotly:plotly.js:1.14.0 cpe:/a:plotly:plotly.js:1.14.1 cpe:/a:plotly:plotly.js:1.14.2 cpe:/a:plotly:plotly.js:1.15.0

CVE-2017-1000006

2017-07-17T09:18:16.093-04:00

2017-07-27T10:50:33.587-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-18T11:50:59.770-04:00

CONFIRM http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/ Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.

cpe:/a:twistedmatrix:txaws:-

CVE-2017-1000007

2017-07-17T09:18:16.127-04:00

2017-08-04T09:43:14.270-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-21T10:21:02.640-04:00

CONFIRM https://github.com/twisted/txaws/issues/24 txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.

cpe:/a:chyrp-lite_project:chyrp_lite:2016.04

CVE-2017-1000008

2017-07-17T09:18:16.157-04:00

2017-08-07T14:41:43.277-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-27T10:33:09.533-04:00

CONFIRM https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.

cpe:/a:akeneo:pim:1.4.0::~~community~~~ cpe:/a:akeneo:pim:1.4.0::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.0:beta1:~~community~~~ cpe:/a:akeneo:pim:1.4.0:beta1:~~enterprise~~~ cpe:/a:akeneo:pim:1.4.0:beta2:~~community~~~ cpe:/a:akeneo:pim:1.4.0:beta2:~~enterprise~~~ cpe:/a:akeneo:pim:1.4.0:beta3:~~community~~~ cpe:/a:akeneo:pim:1.4.0:beta3:~~enterprise~~~ cpe:/a:akeneo:pim:1.4.0:rc1:~~community~~~ cpe:/a:akeneo:pim:1.4.0:rc1:~~enterprise~~~ cpe:/a:akeneo:pim:1.4.1::~~community~~~ cpe:/a:akeneo:pim:1.4.1::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.2::~~community~~~ cpe:/a:akeneo:pim:1.4.2::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.3::~~community~~~ cpe:/a:akeneo:pim:1.4.3::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.4::~~community~~~ cpe:/a:akeneo:pim:1.4.4::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.5::~~community~~~ cpe:/a:akeneo:pim:1.4.5::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.6::~~community~~~ cpe:/a:akeneo:pim:1.4.6::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.7::~~community~~~ cpe:/a:akeneo:pim:1.4.7::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.8::~~community~~~ cpe:/a:akeneo:pim:1.4.8::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.9::~~community~~~ cpe:/a:akeneo:pim:1.4.9::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.10::~~community~~~ cpe:/a:akeneo:pim:1.4.10::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.11::~~community~~~ cpe:/a:akeneo:pim:1.4.11::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.12::~~community~~~ cpe:/a:akeneo:pim:1.4.12::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.13::~~community~~~ cpe:/a:akeneo:pim:1.4.13::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.14::~~community~~~ cpe:/a:akeneo:pim:1.4.14::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.15::~~community~~~ cpe:/a:akeneo:pim:1.4.15::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.16::~~community~~~ cpe:/a:akeneo:pim:1.4.16::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.17::~~community~~~ cpe:/a:akeneo:pim:1.4.17::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.18::~~community~~~ cpe:/a:akeneo:pim:1.4.18::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.19::~~community~~~ cpe:/a:akeneo:pim:1.4.19::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.20::~~community~~~ cpe:/a:akeneo:pim:1.4.20::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.21::~~community~~~ cpe:/a:akeneo:pim:1.4.21::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.22::~~community~~~ cpe:/a:akeneo:pim:1.4.22::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.23::~~community~~~ cpe:/a:akeneo:pim:1.4.23::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.24::~~community~~~ cpe:/a:akeneo:pim:1.4.24::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.25::~~community~~~ cpe:/a:akeneo:pim:1.4.25::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.26::~~community~~~ cpe:/a:akeneo:pim:1.4.26::~~enterprise~~~ cpe:/a:akeneo:pim:1.4.27::~~community~~~ cpe:/a:akeneo:pim:1.4.27::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.0::~~community~~~ cpe:/a:akeneo:pim:1.5.0::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.0:alpha1:~~community~~~ cpe:/a:akeneo:pim:1.5.0:alpha1:~~enterprise~~~ cpe:/a:akeneo:pim:1.5.0:beta1:~~community~~~ cpe:/a:akeneo:pim:1.5.0:beta1:~~enterprise~~~ cpe:/a:akeneo:pim:1.5.0:rc1:~~community~~~ cpe:/a:akeneo:pim:1.5.0:rc1:~~enterprise~~~ cpe:/a:akeneo:pim:1.5.1::~~community~~~ cpe:/a:akeneo:pim:1.5.1::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.2::~~community~~~ cpe:/a:akeneo:pim:1.5.2::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.3::~~community~~~ cpe:/a:akeneo:pim:1.5.3::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.4::~~community~~~ cpe:/a:akeneo:pim:1.5.4::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.5::~~community~~~ cpe:/a:akeneo:pim:1.5.5::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.6::~~community~~~ cpe:/a:akeneo:pim:1.5.6::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.7::~~community~~~ cpe:/a:akeneo:pim:1.5.7::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.8::~~community~~~ cpe:/a:akeneo:pim:1.5.8::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.9::~~community~~~ cpe:/a:akeneo:pim:1.5.9::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.10::~~community~~~ cpe:/a:akeneo:pim:1.5.10::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.11::~~community~~~ cpe:/a:akeneo:pim:1.5.11::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.12::~~community~~~ cpe:/a:akeneo:pim:1.5.12::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.13::~~community~~~ cpe:/a:akeneo:pim:1.5.13::~~enterprise~~~ cpe:/a:akeneo:pim:1.5.14::~~community~~~ cpe:/a:akeneo:pim:1.5.14::~~enterprise~~~ cpe:/a:akeneo:pim:1.6.0::~~community~~~ cpe:/a:akeneo:pim:1.6.0::~~enterprise~~~ cpe:/a:akeneo:pim:1.6.0:alpha1:~~community~~~ cpe:/a:akeneo:pim:1.6.0:alpha1:~~enterprise~~~ cpe:/a:akeneo:pim:1.6.0:alpha2:~~community~~~ cpe:/a:akeneo:pim:1.6.0:alpha2:~~enterprise~~~ cpe:/a:akeneo:pim:1.6.0:rc1:~~community~~~ cpe:/a:akeneo:pim:1.6.0:rc1:~~enterprise~~~ cpe:/a:akeneo:pim:1.6.1::~~community~~~ cpe:/a:akeneo:pim:1.6.1::~~enterprise~~~ cpe:/a:akeneo:pim:1.6.2::~~community~~~ cpe:/a:akeneo:pim:1.6.2::~~enterprise~~~ cpe:/a:akeneo:pim:1.6.3::~~community~~~ cpe:/a:akeneo:pim:1.6.3::~~enterprise~~~ cpe:/a:akeneo:pim:1.6.4::~~community~~~ cpe:/a:akeneo:pim:1.6.4::~~enterprise~~~ cpe:/a:akeneo:pim:1.6.5::~~community~~~ cpe:/a:akeneo:pim:1.6.5::~~enterprise~~~

CVE-2017-1000009

2017-07-17T09:18:16.187-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-08-08T13:02:15.453-04:00

CONFIRM https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2 CONFIRM https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes CONFIRM https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2 Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.

cpe:/a:audacity:audacity:2.1.2

CVE-2017-1000010

2017-07-17T09:18:16.220-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T09:58:22.967-04:00

MISC https://packetstormsecurity.com/files/140365/Audacity-2.1.2-DLL-Hijacking.html Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution

cpe:/a:mywebsql:mywebsql:3.6

CVE-2017-1000011

2017-07-17T09:18:16.267-04:00

2017-07-20T10:59:01.257-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T10:10:43.793-04:00

MISC https://github.com/Samnan/MyWebSQL MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information

cpe:/a:mysqldumper:mysqldumper:1.24

CVE-2017-1000012

2017-07-17T09:18:16.297-04:00

2017-08-15T14:38:25.577-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-08-15T12:35:31.363-04:00

MISC https://github.com/DSB/MySQLDumper MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user

cpe:/a:phpmyadmin:phpmyadmin:4.0.0 cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2 cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc3 cpe:/a:phpmyadmin:phpmyadmin:4.0.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.3 cpe:/a:phpmyadmin:phpmyadmin:4.0.4 cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.5 cpe:/a:phpmyadmin:phpmyadmin:4.0.6 cpe:/a:phpmyadmin:phpmyadmin:4.0.7 cpe:/a:phpmyadmin:phpmyadmin:4.0.8 cpe:/a:phpmyadmin:phpmyadmin:4.0.9 cpe:/a:phpmyadmin:phpmyadmin:4.0.10 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.3 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.4 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.5 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.6 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.7 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.8 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.9 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.10 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.11 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.12 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.13 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.14 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.15 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.16 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.17 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.18 cpe:/a:phpmyadmin:phpmyadmin:4.4.0 cpe:/a:phpmyadmin:phpmyadmin:4.4.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.2 cpe:/a:phpmyadmin:phpmyadmin:4.4.3 cpe:/a:phpmyadmin:phpmyadmin:4.4.4 cpe:/a:phpmyadmin:phpmyadmin:4.4.5 cpe:/a:phpmyadmin:phpmyadmin:4.4.6 cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.7 cpe:/a:phpmyadmin:phpmyadmin:4.4.8 cpe:/a:phpmyadmin:phpmyadmin:4.4.9 cpe:/a:phpmyadmin:phpmyadmin:4.4.10 cpe:/a:phpmyadmin:phpmyadmin:4.4.11 cpe:/a:phpmyadmin:phpmyadmin:4.4.12 cpe:/a:phpmyadmin:phpmyadmin:4.4.13 cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.15 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.5 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.6 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.7 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.8 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.9 cpe:/a:phpmyadmin:phpmyadmin:4.6.0 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:alpha1 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:rc1 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:rc2 cpe:/a:phpmyadmin:phpmyadmin:4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.2 cpe:/a:phpmyadmin:phpmyadmin:4.6.3 cpe:/a:phpmyadmin:phpmyadmin:4.6.4 cpe:/a:phpmyadmin:phpmyadmin:4.6.5

CVE-2017-1000013

2017-07-17T09:18:16.327-04:00

2019-03-19T14:28:29.587-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-03-19T11:28:54.340-04:00

BID 95720 CONFIRM https://www.phpmyadmin.net/security/PMASA-2017-1 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness

CVE-2017-1000014

2017-07-17T09:18:16.360-04:00

2019-03-19T14:35:59.590-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-03-19T11:29:11.277-04:00

BID 95721 CONFIRM https://www.phpmyadmin.net/security/PMASA-2017-3 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality

CVE-2017-1000015

2017-07-17T09:18:16.407-04:00

2019-03-20T16:44:44.877-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-03-19T11:28:31.183-04:00

BID 95726 CONFIRM https://www.phpmyadmin.net/security/PMASA-2017-4 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters

cpe:/a:phpmyadmin:phpmyadmin:4.6.0 cpe:/a:phpmyadmin:phpmyadmin:4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.2 cpe:/a:phpmyadmin:phpmyadmin:4.6.3 cpe:/a:phpmyadmin:phpmyadmin:4.6.4 cpe:/a:phpmyadmin:phpmyadmin:4.6.5 cpe:/a:phpmyadmin:phpmyadmin:4.6.5.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.5.2

CVE-2017-1000016

2017-07-17T09:18:16.437-04:00

2017-07-26T13:42:21.237-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-24T13:43:07.917-04:00

CONFIRM https://www.phpmyadmin.net/security/PMASA-2017-5 A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.

cpe:/a:phpmyadmin:phpmyadmin:4.0.0 cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2 cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc3 cpe:/a:phpmyadmin:phpmyadmin:4.0.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.3 cpe:/a:phpmyadmin:phpmyadmin:4.0.4 cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.5 cpe:/a:phpmyadmin:phpmyadmin:4.0.6 cpe:/a:phpmyadmin:phpmyadmin:4.0.7 cpe:/a:phpmyadmin:phpmyadmin:4.0.8 cpe:/a:phpmyadmin:phpmyadmin:4.0.9 cpe:/a:phpmyadmin:phpmyadmin:4.0.10 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.3 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.4 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.5 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.6 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.7 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.8 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.9 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.10 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.11 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.12 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.13 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.14 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.15 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.16 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.17 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.18 cpe:/a:phpmyadmin:phpmyadmin:4.4.0 cpe:/a:phpmyadmin:phpmyadmin:4.4.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.2 cpe:/a:phpmyadmin:phpmyadmin:4.4.3 cpe:/a:phpmyadmin:phpmyadmin:4.4.4 cpe:/a:phpmyadmin:phpmyadmin:4.4.5 cpe:/a:phpmyadmin:phpmyadmin:4.4.6 cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.7 cpe:/a:phpmyadmin:phpmyadmin:4.4.8 cpe:/a:phpmyadmin:phpmyadmin:4.4.9 cpe:/a:phpmyadmin:phpmyadmin:4.4.10 cpe:/a:phpmyadmin:phpmyadmin:4.4.11 cpe:/a:phpmyadmin:phpmyadmin:4.4.12 cpe:/a:phpmyadmin:phpmyadmin:4.4.13 cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.14 cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.15 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.5 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.6 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.7 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.8 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.9 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.10 cpe:/a:phpmyadmin:phpmyadmin:4.6.0 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:alpha1 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:rc1 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:rc2 cpe:/a:phpmyadmin:phpmyadmin:4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.2 cpe:/a:phpmyadmin:phpmyadmin:4.6.3 cpe:/a:phpmyadmin:phpmyadmin:4.6.4 cpe:/a:phpmyadmin:phpmyadmin:4.6.5 cpe:/a:phpmyadmin:phpmyadmin:4.6.5.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.5.2 cpe:/a:phpmyadmin:phpmyadmin:4.6.6

CVE-2017-1000017

2017-07-17T09:18:16.483-04:00

2019-03-25T15:11:45.897-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2019-03-19T11:25:40.523-04:00

BID 95732 CONFIRM https://www.phpmyadmin.net/security/PMASA-2017-6 phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server

cpe:/a:phpmyadmin:phpmyadmin:4.0.0 cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2 cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc3 cpe:/a:phpmyadmin:phpmyadmin:4.0.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.3 cpe:/a:phpmyadmin:phpmyadmin:4.0.4 cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.5 cpe:/a:phpmyadmin:phpmyadmin:4.0.6 cpe:/a:phpmyadmin:phpmyadmin:4.0.7 cpe:/a:phpmyadmin:phpmyadmin:4.0.8 cpe:/a:phpmyadmin:phpmyadmin:4.0.9 cpe:/a:phpmyadmin:phpmyadmin:4.0.10 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.1 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.2 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.3 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.4 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.5 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.6 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.7 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.8 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.9 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.10 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.11 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.12 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.13 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.14 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.15 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.16 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.17 cpe:/a:phpmyadmin:phpmyadmin:4.0.10.18 cpe:/a:phpmyadmin:phpmyadmin:4.4.0 cpe:/a:phpmyadmin:phpmyadmin:4.4.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.2 cpe:/a:phpmyadmin:phpmyadmin:4.4.3 cpe:/a:phpmyadmin:phpmyadmin:4.4.4 cpe:/a:phpmyadmin:phpmyadmin:4.4.5 cpe:/a:phpmyadmin:phpmyadmin:4.4.6 cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.7 cpe:/a:phpmyadmin:phpmyadmin:4.4.8 cpe:/a:phpmyadmin:phpmyadmin:4.4.9 cpe:/a:phpmyadmin:phpmyadmin:4.4.10 cpe:/a:phpmyadmin:phpmyadmin:4.4.11 cpe:/a:phpmyadmin:phpmyadmin:4.4.12 cpe:/a:phpmyadmin:phpmyadmin:4.4.13 cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.14 cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.15 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.5 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.6 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.7 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.8 cpe:/a:phpmyadmin:phpmyadmin:4.4.15.9 cpe:/a:phpmyadmin:phpmyadmin:4.6.0 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:alpha1 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:rc1 cpe:/a:phpmyadmin:phpmyadmin:4.6.0:rc2 cpe:/a:phpmyadmin:phpmyadmin:4.6.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.2 cpe:/a:phpmyadmin:phpmyadmin:4.6.3 cpe:/a:phpmyadmin:phpmyadmin:4.6.4 cpe:/a:phpmyadmin:phpmyadmin:4.6.5 cpe:/a:phpmyadmin:phpmyadmin:4.6.5.1 cpe:/a:phpmyadmin:phpmyadmin:4.6.5.2

CVE-2017-1000018

2017-07-17T09:18:16.517-04:00

2019-03-20T15:17:21.283-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-03-19T11:24:31.083-04:00

BID 95738 CONFIRM https://www.phpmyadmin.net/security/PMASA-2017-7 phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name

CVE-2017-1000019

2017-05-07T16:29:00.200-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-5938. Reason: This candidate is a reservation duplicate of CVE-2017-5938. Notes: All CVE users should reference CVE-2017-5938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/o:ecos:embedded_web_servers:1.3.1

CVE-2017-1000020

2017-07-17T09:18:16.547-04:00

2017-08-15T15:48:48.063-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-07-26T11:05:16.397-04:00

MISC http://ecos.sourceware.org/ecos/problemreport.html SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others."

cpe:/a:logicaldoc:logicaldoc:7.5.3::~~community~~~

CVE-2017-1000021

2017-07-17T09:18:16.577-04:00

2019-03-14T13:19:35.500-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2019-03-14T11:12:43.747-04:00

MISC http://blog.randorisec.fr/logicaldoc-from-guest-to-root/ LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.

cpe:/a:logicaldoc:logicaldoc:7.5.3::~~community~~~

CVE-2017-1000022

2017-07-17T09:18:16.610-04:00

2019-10-02T20:03:26.223-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2019-03-14T11:10:18.383-04:00

MISC http://blog.randorisec.fr/logicaldoc-from-guest-to-root/ LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.

cpe:/a:logicaldoc:logicaldoc:7.5.3::~~community~~~

CVE-2017-1000023

2017-07-17T09:18:16.640-04:00

2019-03-14T11:25:52.950-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-03-14T11:02:23.703-04:00

MISC http://blog.randorisec.fr/logicaldoc-from-guest-to-root/ LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.

cpe:/a:gnome:shotwell:0.24.0 cpe:/a:gnome:shotwell:0.24.1 cpe:/a:gnome:shotwell:0.24.2 cpe:/a:gnome:shotwell:0.24.3 cpe:/a:gnome:shotwell:0.24.4 cpe:/a:gnome:shotwell:0.25.0 cpe:/a:gnome:shotwell:0.25.1 cpe:/a:gnome:shotwell:0.25.2 cpe:/a:gnome:shotwell:0.25.3

CVE-2017-1000024

2017-07-17T09:18:16.673-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-05-03T14:13:58.310-04:00

MLIST [shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission

cpe:/a:gnome:epiphany:3.18.0 cpe:/a:gnome:epiphany:3.18.1 cpe:/a:gnome:epiphany:3.18.2 cpe:/a:gnome:epiphany:3.18.3 cpe:/a:gnome:epiphany:3.18.4 cpe:/a:gnome:epiphany:3.18.5 cpe:/a:gnome:epiphany:3.18.6 cpe:/a:gnome:epiphany:3.18.7 cpe:/a:gnome:epiphany:3.18.8 cpe:/a:gnome:epiphany:3.18.9 cpe:/a:gnome:epiphany:3.18.10 cpe:/a:gnome:epiphany:3.20.0 cpe:/a:gnome:epiphany:3.20.1 cpe:/a:gnome:epiphany:3.20.2 cpe:/a:gnome:epiphany:3.20.3 cpe:/a:gnome:epiphany:3.20.4 cpe:/a:gnome:epiphany:3.20.5 cpe:/a:gnome:epiphany:3.20.6 cpe:/a:gnome:epiphany:3.22.0 cpe:/a:gnome:epiphany:3.22.1 cpe:/a:gnome:epiphany:3.22.2 cpe:/a:gnome:epiphany:3.22.3 cpe:/a:gnome:epiphany:3.22.4 cpe:/a:gnome:epiphany:3.22.5 cpe:/a:gnome:epiphany:3.23.1 cpe:/a:gnome:epiphany:3.23.1.1 cpe:/a:gnome:epiphany:3.23.1.2 cpe:/a:gnome:epiphany:3.23.2 cpe:/a:gnome:epiphany:3.23.2.1 cpe:/a:gnome:epiphany:3.23.3 cpe:/a:gnome:epiphany:3.23.4

CVE-2017-1000025

2017-07-17T09:18:16.703-04:00

2017-08-04T14:38:01.500-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T10:47:26.960-04:00

CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=752738 MISC https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

cpe:/a:chef_project:mixlib-archive:0.3.0

CVE-2017-1000026

2017-07-17T09:18:16.733-04:00

2017-07-21T12:36:20.430-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-21T12:30:17.613-04:00

CONFIRM https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries

cpe:/a:koozali:sme_server:8.0 cpe:/a:koozali:sme_server:9.0 cpe:/a:koozali:sme_server:9.2 cpe:/a:koozali:sme_server:10.0

CVE-2017-1000027

2017-07-17T09:18:16.767-04:00

2017-07-21T12:25:28.907-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T11:06:33.460-04:00

MISC https://cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/ MISC https://forums.contribs.org/index.php/topic,52838.0.html Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.

cpe:/a:oracle:glassfish_server:4.1::~~open_source~~~

CVE-2017-1000028

2017-07-17T09:18:16.813-04:00

2019-05-03T14:27:52.470-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-05-03T14:11:14.353-04:00

EXPLOIT-DB 45196 EXPLOIT-DB 45198 MISC https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.

cpe:/a:oracle:glassfish_server:3.0.1::~~open_source~~~

CVE-2017-1000029

2017-07-17T09:18:16.860-04:00

2017-07-21T12:10:49.587-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-21T12:01:37.540-04:00

MISC https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.

cpe:/a:oracle:glassfish_server:3.0.1::~~open_source~~~

CVE-2017-1000030

2017-07-17T09:18:16.907-04:00

2017-07-21T11:54:51.737-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-21T10:56:40.530-04:00

MISC https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

cpe:/a:cacti:cacti:0.8.8b

CVE-2017-1000031

2017-07-17T09:18:16.937-04:00

2017-07-19T10:44:55.887-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-07-19T09:13:11.603-04:00

MISC https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789 SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.

cpe:/a:cacti:cacti:0.8.8b

CVE-2017-1000032

2017-07-17T09:18:16.983-04:00

2017-07-19T12:18:01.003-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T08:59:27.333-04:00

MISC https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/ Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.

cpe:/a:vospari_forms_project:vospari_forms:1.3::~~~wordpress~~

CVE-2017-1000033

2017-07-17T09:18:17.017-04:00

2017-07-21T10:48:38.197-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T15:51:28.540-04:00

MISC https://cjc.im/advisories/0007/ MISC https://wpvulndb.com/vulnerabilities/8862 Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.

cpe:/a:akka:akka:2.4.16 cpe:/a:akka:akka:2.5:m1

CVE-2017-1000034

2017-07-17T09:18:17.047-04:00

2017-08-04T09:59:22.837-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2017-07-20T13:44:43.247-04:00

CONFIRM http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.

cpe:/a:tt-rss:tiny_tiny_rss:-

CVE-2017-1000035

2017-07-17T09:18:17.077-04:00

2017-10-06T21:29:00.883-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack

CVE-2017-1000036

2017-07-17T09:18:17.110-04:00

2017-10-30T21:29:01.103-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

cpe:/a:rvm_project:rvm:1.28.0

CVE-2017-1000037

2017-07-17T09:18:17.140-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-26T11:58:10.757-04:00

MISC https://github.com/justinsteven/advisories/blob/master/2017_rvm_cd_command_execution.md RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution

cpe:/a:relevanssi:relevanssi:3.5.7.1::~~~wordpress~~

CVE-2017-1000038

2017-07-17T09:18:17.173-04:00

2017-07-20T14:54:46.203-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T14:54:10.297-04:00

MISC https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/ WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site

cpe:/a:framasoft:framadate:1.0

CVE-2017-1000039

2017-07-17T09:18:17.203-04:00

2017-07-19T13:27:16.440-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T11:53:01.877-04:00

CONFIRM https://framagit.org/framasoft/framadate/issues/220 Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution

CVE-2017-1000040

2017-05-07T16:29:00.230-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7853. Reason: This candidate is a reservation duplicate of CVE-2017-7853. Notes: All CVE users should reference CVE-2017-7853 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000041

2017-05-07T16:29:00.263-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7271. Reason: This candidate is a reservation duplicate of CVE-2017-7271. Notes: All CVE users should reference CVE-2017-7271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:mapbox_project:mapbox:1.0.0 cpe:/a:mapbox_project:mapbox:1.0.1 cpe:/a:mapbox_project:mapbox:1.0.2 cpe:/a:mapbox_project:mapbox:1.0.3 cpe:/a:mapbox_project:mapbox:1.0.4 cpe:/a:mapbox_project:mapbox:1.1.0 cpe:/a:mapbox_project:mapbox:1.2.0 cpe:/a:mapbox_project:mapbox:1.3.0 cpe:/a:mapbox_project:mapbox:1.3.1 cpe:/a:mapbox_project:mapbox:1.4.0 cpe:/a:mapbox_project:mapbox:1.4.1 cpe:/a:mapbox_project:mapbox:1.4.2 cpe:/a:mapbox_project:mapbox:1.5.0 cpe:/a:mapbox_project:mapbox:1.5.1 cpe:/a:mapbox_project:mapbox:1.5.2 cpe:/a:mapbox_project:mapbox:1.6.0 cpe:/a:mapbox_project:mapbox:1.6.0:beta cpe:/a:mapbox_project:mapbox:1.6.0:beta0 cpe:/a:mapbox_project:mapbox:1.6.1 cpe:/a:mapbox_project:mapbox:1.6.2 cpe:/a:mapbox_project:mapbox:1.6.2:beta0 cpe:/a:mapbox_project:mapbox:1.6.4 cpe:/a:mapbox_project:mapbox:2.0.0 cpe:/a:mapbox_project:mapbox:2.0.0:beta0 cpe:/a:mapbox_project:mapbox:2.0.0:beta1 cpe:/a:mapbox_project:mapbox:2.0.1 cpe:/a:mapbox_project:mapbox:2.1.0 cpe:/a:mapbox_project:mapbox:2.1.1 cpe:/a:mapbox_project:mapbox:2.1.2 cpe:/a:mapbox_project:mapbox:2.1.3 cpe:/a:mapbox_project:mapbox:2.1.4 cpe:/a:mapbox_project:mapbox:2.1.5 cpe:/a:mapbox_project:mapbox:2.1.6

CVE-2017-1000042

2017-07-17T09:18:17.250-04:00

2017-07-20T14:49:37.480-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T11:18:35.230-04:00

MISC https://hackerone.com/reports/54327 CONFIRM https://nodesecurity.io/advisories/49 Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.

cpe:/a:mapbox_project:mapbox:1.0.0 cpe:/a:mapbox_project:mapbox:1.0.1 cpe:/a:mapbox_project:mapbox:1.0.2 cpe:/a:mapbox_project:mapbox:1.0.3 cpe:/a:mapbox_project:mapbox:1.0.4 cpe:/a:mapbox_project:mapbox:1.1.0 cpe:/a:mapbox_project:mapbox:1.2.0 cpe:/a:mapbox_project:mapbox:1.3.0 cpe:/a:mapbox_project:mapbox:1.3.1 cpe:/a:mapbox_project:mapbox:1.4.0 cpe:/a:mapbox_project:mapbox:1.4.1 cpe:/a:mapbox_project:mapbox:1.4.2 cpe:/a:mapbox_project:mapbox:1.5.0 cpe:/a:mapbox_project:mapbox:1.5.1 cpe:/a:mapbox_project:mapbox:1.5.2 cpe:/a:mapbox_project:mapbox:1.6.0 cpe:/a:mapbox_project:mapbox:1.6.0:beta cpe:/a:mapbox_project:mapbox:1.6.0:beta0 cpe:/a:mapbox_project:mapbox:1.6.1 cpe:/a:mapbox_project:mapbox:1.6.2 cpe:/a:mapbox_project:mapbox:1.6.2:beta0 cpe:/a:mapbox_project:mapbox:1.6.4 cpe:/a:mapbox_project:mapbox:1.6.5 cpe:/a:mapbox_project:mapbox:2.0.0 cpe:/a:mapbox_project:mapbox:2.0.0:beta0 cpe:/a:mapbox_project:mapbox:2.0.0:beta1 cpe:/a:mapbox_project:mapbox:2.0.1 cpe:/a:mapbox_project:mapbox:2.1.0 cpe:/a:mapbox_project:mapbox:2.1.1 cpe:/a:mapbox_project:mapbox:2.1.2 cpe:/a:mapbox_project:mapbox:2.1.3 cpe:/a:mapbox_project:mapbox:2.1.4 cpe:/a:mapbox_project:mapbox:2.1.5 cpe:/a:mapbox_project:mapbox:2.1.6 cpe:/a:mapbox_project:mapbox:2.1.7 cpe:/a:mapbox_project:mapbox:2.1.8 cpe:/a:mapbox_project:mapbox:2.1.9 cpe:/a:mapbox_project:mapbox:2.2.0 cpe:/a:mapbox_project:mapbox:2.2.1 cpe:/a:mapbox_project:mapbox:2.2.2 cpe:/a:mapbox_project:mapbox:2.2.3

CVE-2017-1000043

2017-07-17T09:18:17.280-04:00

2017-07-20T14:46:37.100-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T11:06:59.760-04:00

MISC https://hackerone.com/reports/99245 CONFIRM https://nodesecurity.io/advisories/74 Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control

cpe:/a:gnome:gtk-vnc:0.4.2

CVE-2017-1000044

2017-07-17T09:18:17.327-04:00

2017-07-19T13:12:40.287-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T12:04:30.270-04:00

CONFIRM https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering

CVE-2017-1000045

2017-07-17T09:18:17.360-04:00

2017-10-30T21:29:01.180-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

cpe:/a:mautic:mautic:2.6.1

CVE-2017-1000046

2017-07-17T09:18:17.390-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T09:19:02.813-04:00

MISC https://www.trustmatta.com/advisories/MATTA-2017-002.txt Mautic 2.6.1 and earlier fails to set flags on session cookies

cpe:/a:rbenv:rbenv:-

CVE-2017-1000047

2017-07-17T09:18:17.423-04:00

2017-07-21T11:26:51.897-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-21T10:01:13.780-04:00

MISC https://github.com/justinsteven/advisories/blob/master/2017_rbenv_ruby_version_directory_traversal.md rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution

cpe:/a:qs_project:qs:1.0.0 cpe:/a:qs_project:qs:1.0.1 cpe:/a:qs_project:qs:1.0.2 cpe:/a:qs_project:qs:1.1.0 cpe:/a:qs_project:qs:1.2.0 cpe:/a:qs_project:qs:1.2.1 cpe:/a:qs_project:qs:2.3.1 cpe:/a:qs_project:qs:2.3.2 cpe:/a:qs_project:qs:2.3.3 cpe:/a:qs_project:qs:2.4.0 cpe:/a:qs_project:qs:2.4.1 cpe:/a:qs_project:qs:2.4.2 cpe:/a:qs_project:qs:3.0.0 cpe:/a:qs_project:qs:3.1.0 cpe:/a:qs_project:qs:4.0.0 cpe:/a:qs_project:qs:5.0.0 cpe:/a:qs_project:qs:5.1.0 cpe:/a:qs_project:qs:5.2.0 cpe:/a:qs_project:qs:5.2.1 cpe:/a:qs_project:qs:6.0.0 cpe:/a:qs_project:qs:6.0.1 cpe:/a:qs_project:qs:6.0.2 cpe:/a:qs_project:qs:6.0.3 cpe:/a:qs_project:qs:6.1.0 cpe:/a:qs_project:qs:6.1.1 cpe:/a:qs_project:qs:6.2.0 cpe:/a:qs_project:qs:6.2.1 cpe:/a:qs_project:qs:6.2.2 cpe:/a:qs_project:qs:6.3.0 cpe:/a:qs_project:qs:6.3.1

CVE-2017-1000048

2017-07-17T09:18:17.453-04:00

2017-12-30T21:29:00.847-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2017:2672 CONFIRM https://github.com/ljharb/qs/issues/200 the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

CVE-2017-1000049

2017-07-17T09:18:17.500-04:00

2017-07-20T21:29:00.943-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8864. Reason: This candidate is a reservation duplicate of CVE-2015-8864. Notes: All CVE users should reference CVE-2015-8864 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:jasper_project:jasper:2.0.12

CVE-2017-1000050

2017-07-17T09:18:17.530-04:00

2018-11-07T06:29:02.647-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MLIST [oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) BID 96595 REDHAT RHSA-2018:3253 REDHAT RHSA-2018:3505 GENTOO GLSA-201908-03 UBUNTU USN-3693-1 JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.

cpe:/a:xwiki:cryptpad:1.1.0

CVE-2017-1000051

2017-07-17T09:18:17.563-04:00

2017-07-20T15:59:15.483-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T15:56:39.480-04:00

CONFIRM https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/ CONFIRM https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1 Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content

cpe:/a:elixir-plug:plug:1.0.0 cpe:/a:elixir-plug:plug:1.0.1 cpe:/a:elixir-plug:plug:1.0.2 cpe:/a:elixir-plug:plug:1.0.3 cpe:/a:elixir-plug:plug:1.1.0 cpe:/a:elixir-plug:plug:1.1.1 cpe:/a:elixir-plug:plug:1.1.2 cpe:/a:elixir-plug:plug:1.1.3 cpe:/a:elixir-plug:plug:1.1.4 cpe:/a:elixir-plug:plug:1.1.5 cpe:/a:elixir-plug:plug:1.1.6 cpe:/a:elixir-plug:plug:1.2.0 cpe:/a:elixir-plug:plug:1.2.1 cpe:/a:elixir-plug:plug:1.2.2 cpe:/a:elixir-plug:plug:1.3.0 cpe:/a:elixir-plug:plug:1.3.1

CVE-2017-1000052

2017-07-17T09:18:17.593-04:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-24T09:46:36.610-04:00

CONFIRM https://elixirforum.com/t/security-releases-for-plug/3913 Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.

CVE-2017-1000053

2017-07-17T09:18:17.627-04:00

2017-08-03T11:54:13.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-24T09:27:03.160-04:00

CONFIRM https://elixirforum.com/t/security-releases-for-plug/3913 Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.

cpe:/a:rocketchat:rocket.chat:0.8.0 cpe:/a:rocketchat:rocket.chat:0.9.0 cpe:/a:rocketchat:rocket.chat:0.10.0 cpe:/a:rocketchat:rocket.chat:0.10.1 cpe:/a:rocketchat:rocket.chat:0.10.2 cpe:/a:rocketchat:rocket.chat:0.11.0 cpe:/a:rocketchat:rocket.chat:0.12.0 cpe:/a:rocketchat:rocket.chat:0.12.1 cpe:/a:rocketchat:rocket.chat:0.13.0 cpe:/a:rocketchat:rocket.chat:0.14.0 cpe:/a:rocketchat:rocket.chat:0.15.0 cpe:/a:rocketchat:rocket.chat:0.16.0 cpe:/a:rocketchat:rocket.chat:0.17.0 cpe:/a:rocketchat:rocket.chat:0.18.0 cpe:/a:rocketchat:rocket.chat:0.18.1 cpe:/a:rocketchat:rocket.chat:0.19.0 cpe:/a:rocketchat:rocket.chat:0.20.0 cpe:/a:rocketchat:rocket.chat:0.21.0 cpe:/a:rocketchat:rocket.chat:0.22.0 cpe:/a:rocketchat:rocket.chat:0.23.0 cpe:/a:rocketchat:rocket.chat:0.24.0 cpe:/a:rocketchat:rocket.chat:0.25.0 cpe:/a:rocketchat:rocket.chat:0.26.0 cpe:/a:rocketchat:rocket.chat:0.27.0 cpe:/a:rocketchat:rocket.chat:0.28.0 cpe:/a:rocketchat:rocket.chat:0.29.0 cpe:/a:rocketchat:rocket.chat:0.30.0 cpe:/a:rocketchat:rocket.chat:0.31.0 cpe:/a:rocketchat:rocket.chat:0.32.0 cpe:/a:rocketchat:rocket.chat:0.33.0 cpe:/a:rocketchat:rocket.chat:0.34.0 cpe:/a:rocketchat:rocket.chat:0.35.0 cpe:/a:rocketchat:rocket.chat:0.36.0 cpe:/a:rocketchat:rocket.chat:0.37.0 cpe:/a:rocketchat:rocket.chat:0.37.1 cpe:/a:rocketchat:rocket.chat:0.38.0 cpe:/a:rocketchat:rocket.chat:0.39.0 cpe:/a:rocketchat:rocket.chat:0.40.1 cpe:/a:rocketchat:rocket.chat:0.41.0 cpe:/a:rocketchat:rocket.chat:0.42.0 cpe:/a:rocketchat:rocket.chat:0.43.0 cpe:/a:rocketchat:rocket.chat:0.44.0 cpe:/a:rocketchat:rocket.chat:0.45.0 cpe:/a:rocketchat:rocket.chat:0.46.0 cpe:/a:rocketchat:rocket.chat:0.47.0 cpe:/a:rocketchat:rocket.chat:0.47.1 cpe:/a:rocketchat:rocket.chat:0.48.0 cpe:/a:rocketchat:rocket.chat:0.48.1 cpe:/a:rocketchat:rocket.chat:0.48.2 cpe:/a:rocketchat:rocket.chat:0.49.0 cpe:/a:rocketchat:rocket.chat:0.49.1 cpe:/a:rocketchat:rocket.chat:0.49.2 cpe:/a:rocketchat:rocket.chat:0.49.3 cpe:/a:rocketchat:rocket.chat:0.49.4 cpe:/a:rocketchat:rocket.chat:0.50.0 cpe:/a:rocketchat:rocket.chat:0.50.1 cpe:/a:rocketchat:rocket.chat:0.51.0 cpe:/a:rocketchat:rocket.chat:0.52.0 cpe:/a:rocketchat:rocket.chat:0.53.0 cpe:/a:rocketchat:rocket.chat:0.54.0 cpe:/a:rocketchat:rocket.chat:0.54.1 cpe:/a:rocketchat:rocket.chat:0.54.2 cpe:/a:rocketchat:rocket.chat:0.55.0 cpe:/a:rocketchat:rocket.chat:0.55.1 cpe:/a:rocketchat:rocket.chat:0.56.0 cpe:/a:rocketchat:rocket.chat:0.57.0 cpe:/a:rocketchat:rocket.chat:0.57.0:rc0 cpe:/a:rocketchat:rocket.chat:0.57.0:rc1 cpe:/a:rocketchat:rocket.chat:0.57.0:rc2 cpe:/a:rocketchat:rocket.chat:0.57.0:rc3 cpe:/a:rocketchat:rocket.chat:0.57.1 cpe:/a:rocketchat:rocket.chat:0.57.2

CVE-2017-1000054

2017-07-17T09:18:17.673-04:00

2017-07-19T13:38:24.857-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T11:24:16.940-04:00

MISC https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/ Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.

CVE-2017-1000055

2017-07-17T09:18:17.703-04:00

2017-07-17T09:18:17.720-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

cpe:/a:kubernetes:kubernetes:1.5.0 cpe:/a:kubernetes:kubernetes:1.5.1 cpe:/a:kubernetes:kubernetes:1.5.2 cpe:/a:kubernetes:kubernetes:1.5.3 cpe:/a:kubernetes:kubernetes:1.5.4

CVE-2017-1000056

2017-07-17T09:18:17.750-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T11:04:10.087-04:00

CONFIRM https://github.com/kubernetes/kubernetes/issues/43459 Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

CVE-2017-1000057

2017-07-17T09:18:17.780-04:00

2017-10-30T21:29:01.307-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

cpe:/a:chevereto:chevereto:3.8.10

CVE-2017-1000058

2017-07-17T09:18:17.813-04:00

2017-10-30T21:29:01.383-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://chevereto.com/changelog Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.

cpe:/a:livehelperchat:live_helper_chat:2.06

CVE-2017-1000059

2017-07-17T09:18:17.843-04:00

2017-07-20T13:56:04.453-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T12:44:23.940-04:00

MISC https://www.compass-security.com/research/advisories/ Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.

cpe:/a:eyesofnetwork:eyesofnetwork:5.1

CVE-2017-1000060

2017-07-17T09:18:17.877-04:00

2017-07-19T12:49:11.293-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-07-19T12:27:58.467-04:00

MISC https://rioru.github.io/pentest/web/2017/03/28/from-unauthenticated-to-root-supervision.html EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root

cpe:/a:xmlsec_project:xmlsec:1.2.23

CVE-2017-1000061

2017-07-17T09:18:17.923-04:00

2018-01-04T21:31:25.010-05:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2017:2492 CONFIRM https://github.com/lsh123/xmlsec/issues/43 xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

cpe:/a:kitto_project:kitto:0.5.1

CVE-2017-1000062

2017-07-17T09:18:17.953-04:00

2017-07-19T13:43:00.973-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T12:11:28.217-04:00

MISC https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13 kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution

cpe:/a:kitto_project:kitto:0.5.1

CVE-2017-1000063

2017-07-17T09:18:17.983-04:00

2017-07-19T12:52:36.037-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-19T12:15:23.097-04:00

MISC https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13 kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure

cpe:/a:kitto_project:kitto:0.5.1

CVE-2017-1000064

2017-07-17T09:18:18.017-04:00

2017-07-19T12:51:03.407-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T12:19:46.817-04:00

MISC https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13 kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS

cpe:/a:openmediavault:openmediavault:2.1

CVE-2017-1000065

2017-07-17T09:18:18.063-04:00

2017-07-21T11:10:42.847-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T12:58:31.077-04:00

CONFIRM https://github.com/openmediavault/openmediavault/commit/b2db1e24d0e52b961b5c3b3329b6ee717cac53a2 Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.

cpe:/a:keepass:keepass:1.32

CVE-2017-1000066

2017-07-17T09:18:18.093-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T09:33:03.207-04:00

CONFIRM http://keepass.info/news/news_all.html The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.

cpe:/a:modx:revolution:2.0.0 cpe:/a:modx:revolution:2.0.0:rc1 cpe:/a:modx:revolution:2.0.0:rc2 cpe:/a:modx:revolution:2.0.0:rc3 cpe:/a:modx:revolution:2.0.1 cpe:/a:modx:revolution:2.1.0 cpe:/a:modx:revolution:2.1.0:p12 cpe:/a:modx:revolution:2.1.1 cpe:/a:modx:revolution:2.1.1:p12 cpe:/a:modx:revolution:2.1.2 cpe:/a:modx:revolution:2.1.3 cpe:/a:modx:revolution:2.1.4 cpe:/a:modx:revolution:2.1.5 cpe:/a:modx:revolution:2.2.0 cpe:/a:modx:revolution:2.2.0:rc1 cpe:/a:modx:revolution:2.2.0:rc2 cpe:/a:modx:revolution:2.2.0:rc3 cpe:/a:modx:revolution:2.2.1 cpe:/a:modx:revolution:2.2.2 cpe:/a:modx:revolution:2.2.3 cpe:/a:modx:revolution:2.2.4 cpe:/a:modx:revolution:2.2.5 cpe:/a:modx:revolution:2.2.6 cpe:/a:modx:revolution:2.2.7 cpe:/a:modx:revolution:2.2.8 cpe:/a:modx:revolution:2.2.9 cpe:/a:modx:revolution:2.3.0 cpe:/a:modx:revolution:2.3.1 cpe:/a:modx:revolution:2.4.0 cpe:/a:modx:revolution:2.4.1 cpe:/a:modx:revolution:2.5.0 cpe:/a:modx:revolution:2.5.1 cpe:/a:modx:revolution:2.5.2 cpe:/a:modx:revolution:2.5.3 cpe:/a:modx:revolution:2.5.4 cpe:/a:modx:revolution:2.5.5 cpe:/a:modx:revolution:2.5.6

CVE-2017-1000067

2017-07-17T09:18:18.127-04:00

2017-07-21T12:59:26.980-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-07-20T13:53:27.170-04:00

CONFIRM https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.

cpe:/a:betterment:test_track:1.0

CVE-2017-1000068

2017-07-17T09:18:18.157-04:00

2017-08-04T10:34:24.887-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-20T09:45:39.800-04:00

MISC https://github.com/Betterment/test_track/releases/tag/v1.0.1 TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.

cpe:/a:oauth2_proxy_project:oauth2_proxy:2.1

CVE-2017-1000069

2017-07-17T09:18:18.187-04:00

2017-07-20T12:23:37.560-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-07-20T10:05:36.720-04:00

MISC https://github.com/bitly/oauth2_proxy/pull/360 CSRF in Bitly oauth2_proxy 2.1 during authentication flow

cpe:/a:oauth2_proxy_project:oauth2_proxy:2.1

CVE-2017-1000070

2017-07-17T09:18:18.220-04:00

2017-07-20T12:26:26.063-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-07-20T10:10:38.807-04:00

CONFIRM https://github.com/bitly/oauth2_proxy/pull/359 MISC https://tools.ietf.org/html/rfc6819#section-5.2.3.5 The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819

cpe:/a:apereo:phpcas:1.3.4

CVE-2017-1000071

2017-07-17T09:18:18.267-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-08-03T13:28:36.777-04:00

BID 99609 CONFIRM https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog CONFIRM https://github.com/Jasig/phpCAS/issues/228 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

cpe:/a:creolabs:gravity:1.0

CVE-2017-1000072

2017-07-17T09:18:18.297-04:00

2017-07-19T14:54:14.857-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T12:17:49.863-04:00

CONFIRM https://github.com/marcobambini/gravity/issues/123 Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations

cpe:/a:creolabs:gravity:1.0

CVE-2017-1000073

2017-07-17T09:18:18.327-04:00

2017-07-19T12:51:51.520-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T12:16:57.660-04:00

CONFIRM https://github.com/marcobambini/gravity/issues/129 Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.

cpe:/a:creolabs:gravity:1.0

CVE-2017-1000074

2017-07-17T09:18:18.360-04:00

2017-07-19T12:51:59.880-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T12:16:15.237-04:00

CONFIRM https://github.com/marcobambini/gravity/issues/131 Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.

cpe:/a:creolabs:gravity:1.0

CVE-2017-1000075

2017-07-17T09:18:18.390-04:00

2017-07-19T12:53:30.230-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-07-19T12:13:42.627-04:00

CONFIRM https://github.com/marcobambini/gravity/issues/133 Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function

CVE-2017-1000076

2017-10-04T21:29:03.430-04:00

2017-10-04T21:29:03.447-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

CVE-2017-1000077

2017-10-04T21:29:03.477-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

CVE-2017-1000078

2017-07-17T09:18:18.423-04:00

2018-01-24T21:29:00.473-05:00

CONFIRM https://wiki.onosproject.org/display/ONOS/Security+advisories Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration

CVE-2017-1000079

2017-07-17T09:18:18.453-04:00

2018-01-24T21:29:00.537-05:00

CONFIRM https://wiki.onosproject.org/display/ONOS/Security+advisories Linux foundation ONOS 1.9.0 is vulnerable to a DoS.

CVE-2017-1000080

2017-07-17T09:18:18.483-04:00

2018-01-24T21:29:00.630-05:00

CONFIRM https://wiki.onosproject.org/display/ONOS/Security+advisories Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.

CVE-2017-1000081

2017-07-17T09:18:18.517-04:00

2018-01-24T21:29:00.723-05:00

CONFIRM https://wiki.onosproject.org/display/ONOS/Security+advisories Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

cpe:/a:freedesktop:systemd:233

CVE-2017-1000082

2017-07-07T13:29:00.277-04:00

2017-07-22T21:29:01.640-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MLIST [oss-security] 20170702 systemd fails to parse user that should run service BID 99507 SECTRACK 1038839 CONFIRM https://github.com/systemd/systemd/issues/6237 systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

cpe:/a:gnome:evince:3.24.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server:7.4 cpe:/o:redhat:enterprise_linux_server:7.5 cpe:/o:redhat:enterprise_linux_server:7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0

CVE-2017-1000083

2017-09-05T02:29:00.180-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2019-03-04T10:01:28.967-05:00

MISC http://seclists.org/oss-sec/2017/q3/128 DEBIAN DSA-3911 BID 99597 REDHAT RHSA-2017:2388 MISC https://bugzilla.gnome.org/show_bug.cgi?id=784630 MISC https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee EXPLOIT-DB 45824 EXPLOIT-DB 46341 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

cpe:/a:jenkins:parameterized_trigger:1.0::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:1.1::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:1.2::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:1.3::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:1.4::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:1.5::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:1.6::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.0::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.1::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.2::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.3::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.4::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.5::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.6::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.7::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.8::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.9::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.10::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.11::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.12::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.13::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.14::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.15::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.16::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.17::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.18::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.19::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.20::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.21::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.22::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.23::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.24::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.25::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.26::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.27::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.28::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.29::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.30::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.31::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.32::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.33::~~~jenkins~~ cpe:/a:jenkins:parameterized_trigger:2.34::~~~jenkins~~

CVE-2017-1000084

2017-10-04T21:29:03.510-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T11:31:31.110-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

cpe:/a:jenkins:subversion:2.8::~~~jenkins~~

CVE-2017-1000085

2017-10-04T21:29:03.540-04:00

2017-11-02T12:06:34.887-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T11:35:25.303-04:00

BID 99574 CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.

cpe:/a:jenkins:periodic_backup:1.0::~~~jenkins~~ cpe:/a:jenkins:periodic_backup:1.1::~~~jenkins~~ cpe:/a:jenkins:periodic_backup:1.2::~~~jenkins~~ cpe:/a:jenkins:periodic_backup:1.3::~~~jenkins~~ cpe:/a:jenkins:periodic_backup:1.4::~~~jenkins~~

CVE-2017-1000086

2017-10-04T21:29:03.570-04:00

2019-10-02T20:03:26.223-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-10-17T11:35:40.130-04:00

BID 100437 CONFIRM https://jenkins.io/security/advisory/2017-07-10/ The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.

cpe:/a:jenkins:github_branch_source:0.1:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:0.1:beta-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:0.1:beta-3:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:0.1:beta-4:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.0::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.1::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.2::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.3::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.4::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.4:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.5::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.6::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.7::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.8::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.8.1::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.9::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.10::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.0::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-3:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-4:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-5:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-6:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.2::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.3::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.4::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.4:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.5::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.6::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.7::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-3:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-4:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:beta-1:~~~jenkins~~

CVE-2017-1000087

2017-10-04T21:29:03.603-04:00

2017-11-02T11:17:23.637-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T11:37:23.680-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.

cpe:/a:jenkins:sidebar_link:1.8::~~~jenkins~~

CVE-2017-1000088

2017-10-04T21:29:03.633-04:00

2017-11-02T11:08:35.320-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T11:39:15.743-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.

cpe:/a:jenkins:pipeline%3a_build_step:2.5::~~~jenkins~~

CVE-2017-1000089

2017-10-04T21:29:03.667-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-07-01T13:22:01.190-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

cpe:/a:jenkins:role-based_authorization_strategy:2.5.0::~~~jenkins~~

CVE-2017-1000090

2017-10-04T21:29:03.697-04:00

2017-11-02T10:58:08.733-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-10-17T11:40:34.637-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.

cpe:/a:jenkins:github_branch_source:0.1:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:0.1:beta-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:0.1:beta-3:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:0.1:beta-4:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.0::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.1::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.2::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.3::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.4::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.4:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.5::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.6::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.7::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.8::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.8.1::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.9::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:1.10::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.0::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-3:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-4:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-5:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.1:beta-6:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.2::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.3::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.4::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.4:beta-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.5::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.6::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.0.7::~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-1:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-2:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-3:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:alpha-4:~~~jenkins~~ cpe:/a:jenkins:github_branch_source:2.2.0:beta-1:~~~jenkins~~

CVE-2017-1000091

2017-10-04T21:29:03.743-04:00

2017-10-17T13:12:18.563-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2019-02-22T23:28:47.830-05:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.

cpe:/a:jenkins:git:0.1.0::~~~jenkins~~ cpe:/a:jenkins:git:0.2.0::~~~jenkins~~ cpe:/a:jenkins:git:0.3.0::~~~jenkins~~ cpe:/a:jenkins:git:0.4.0::~~~jenkins~~ cpe:/a:jenkins:git:0.5.0::~~~jenkins~~ cpe:/a:jenkins:git:0.6.0::~~~jenkins~~ cpe:/a:jenkins:git:0.7.0::~~~jenkins~~ cpe:/a:jenkins:git:0.7.1::~~~jenkins~~ cpe:/a:jenkins:git:0.7.2::~~~jenkins~~ cpe:/a:jenkins:git:0.7.3::~~~jenkins~~ cpe:/a:jenkins:git:0.8.0::~~~jenkins~~ cpe:/a:jenkins:git:0.8.1::~~~jenkins~~ cpe:/a:jenkins:git:0.8.2::~~~jenkins~~ cpe:/a:jenkins:git:0.9.0::~~~jenkins~~ cpe:/a:jenkins:git:0.9.1::~~~jenkins~~ cpe:/a:jenkins:git:0.9.2::~~~jenkins~~ cpe:/a:jenkins:git:1.0.0::~~~jenkins~~ cpe:/a:jenkins:git:1.0.1::~~~jenkins~~ cpe:/a:jenkins:git:1.1.0::~~~jenkins~~ cpe:/a:jenkins:git:1.1.1::~~~jenkins~~ cpe:/a:jenkins:git:1.1.2::~~~jenkins~~ cpe:/a:jenkins:git:1.1.3::~~~jenkins~~ cpe:/a:jenkins:git:1.1.4::~~~jenkins~~ cpe:/a:jenkins:git:1.1.5::~~~jenkins~~ cpe:/a:jenkins:git:1.1.6::~~~jenkins~~ cpe:/a:jenkins:git:1.1.7::~~~jenkins~~ cpe:/a:jenkins:git:1.1.8::~~~jenkins~~ cpe:/a:jenkins:git:1.1.9::~~~jenkins~~ cpe:/a:jenkins:git:1.1.10::~~~jenkins~~ cpe:/a:jenkins:git:1.1.11::~~~jenkins~~ cpe:/a:jenkins:git:1.1.12::~~~jenkins~~ cpe:/a:jenkins:git:1.1.13::~~~jenkins~~ cpe:/a:jenkins:git:1.1.14::~~~jenkins~~ cpe:/a:jenkins:git:1.1.15::~~~jenkins~~ cpe:/a:jenkins:git:1.1.16::~~~jenkins~~ cpe:/a:jenkins:git:1.1.17::~~~jenkins~~ cpe:/a:jenkins:git:1.1.18::~~~jenkins~~ cpe:/a:jenkins:git:1.1.19::~~~jenkins~~ cpe:/a:jenkins:git:1.1.20::~~~jenkins~~ cpe:/a:jenkins:git:1.1.21::~~~jenkins~~ cpe:/a:jenkins:git:1.1.22::~~~jenkins~~ cpe:/a:jenkins:git:1.1.23::~~~jenkins~~ cpe:/a:jenkins:git:1.1.24::~~~jenkins~~ cpe:/a:jenkins:git:1.1.25::~~~jenkins~~ cpe:/a:jenkins:git:1.1.26::~~~jenkins~~ cpe:/a:jenkins:git:1.1.27::~~~jenkins~~ cpe:/a:jenkins:git:1.1.28::~~~jenkins~~ cpe:/a:jenkins:git:1.1.29::~~~jenkins~~ cpe:/a:jenkins:git:1.2.0::~~~jenkins~~ cpe:/a:jenkins:git:1.3.0::~~~jenkins~~ cpe:/a:jenkins:git:1.4.0::~~~jenkins~~ cpe:/a:jenkins:git:1.5.0::~~~jenkins~~ cpe:/a:jenkins:git:1.6.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:git:2.0.0::~~~jenkins~~ cpe:/a:jenkins:git:2.0.0:alpha-1:~~~jenkins~~ cpe:/a:jenkins:git:2.0.0:alpha-2:~~~jenkins~~ cpe:/a:jenkins:git:2.0.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:git:2.0.0:beta-3:~~~jenkins~~ cpe:/a:jenkins:git:2.0.1::~~~jenkins~~ cpe:/a:jenkins:git:2.0.2::~~~jenkins~~ cpe:/a:jenkins:git:2.0.3::~~~jenkins~~ cpe:/a:jenkins:git:2.0.4::~~~jenkins~~ cpe:/a:jenkins:git:2.1.0::~~~jenkins~~ cpe:/a:jenkins:git:2.2.0::~~~jenkins~~ cpe:/a:jenkins:git:2.2.1::~~~jenkins~~ cpe:/a:jenkins:git:2.2.2::~~~jenkins~~ cpe:/a:jenkins:git:2.2.3::~~~jenkins~~ cpe:/a:jenkins:git:2.2.4::~~~jenkins~~ cpe:/a:jenkins:git:2.2.5::~~~jenkins~~ cpe:/a:jenkins:git:2.2.6::~~~jenkins~~ cpe:/a:jenkins:git:2.2.7::~~~jenkins~~ cpe:/a:jenkins:git:2.2.8::~~~jenkins~~ cpe:/a:jenkins:git:2.2.9::~~~jenkins~~ cpe:/a:jenkins:git:2.2.10::~~~jenkins~~ cpe:/a:jenkins:git:2.2.11::~~~jenkins~~ cpe:/a:jenkins:git:2.2.12::~~~jenkins~~ cpe:/a:jenkins:git:2.3.0::~~~jenkins~~ cpe:/a:jenkins:git:2.3.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:git:2.3.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:git:2.3.0:beta-3:~~~jenkins~~ cpe:/a:jenkins:git:2.3.0:beta-4:~~~jenkins~~ cpe:/a:jenkins:git:2.3.1::~~~jenkins~~ cpe:/a:jenkins:git:2.3.2::~~~jenkins~~ cpe:/a:jenkins:git:2.3.3::~~~jenkins~~ cpe:/a:jenkins:git:2.3.4::~~~jenkins~~ cpe:/a:jenkins:git:2.3.5::~~~jenkins~~ cpe:/a:jenkins:git:2.4.0::~~~jenkins~~ cpe:/a:jenkins:git:2.4.1::~~~jenkins~~ cpe:/a:jenkins:git:2.4.2::~~~jenkins~~ cpe:/a:jenkins:git:2.4.3::~~~jenkins~~ cpe:/a:jenkins:git:2.4.4::~~~jenkins~~ cpe:/a:jenkins:git:2.5.0::~~~jenkins~~ cpe:/a:jenkins:git:2.5.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:git:2.5.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:git:2.5.0:beta-3:~~~jenkins~~ cpe:/a:jenkins:git:2.5.0:beta-4:~~~jenkins~~ cpe:/a:jenkins:git:2.5.0:beta-5:~~~jenkins~~ cpe:/a:jenkins:git:2.5.1::~~~jenkins~~ cpe:/a:jenkins:git:2.5.2::~~~jenkins~~ cpe:/a:jenkins:git:2.5.3::~~~jenkins~~ cpe:/a:jenkins:git:2.6.0::~~~jenkins~~ cpe:/a:jenkins:git:2.6.1::~~~jenkins~~ cpe:/a:jenkins:git:2.6.2::~~~jenkins~~ cpe:/a:jenkins:git:2.6.2:beta-1:~~~jenkins~~ cpe:/a:jenkins:git:2.6.2:beta-2:~~~jenkins~~ cpe:/a:jenkins:git:2.6.4::~~~jenkins~~ cpe:/a:jenkins:git:2.6.5::~~~jenkins~~ cpe:/a:jenkins:git:3.0.0::~~~jenkins~~ cpe:/a:jenkins:git:3.0.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:git:3.0.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:git:3.0.1::~~~jenkins~~ cpe:/a:jenkins:git:3.0.2::~~~jenkins~~ cpe:/a:jenkins:git:3.0.2:beta-1:~~~jenkins~~ cpe:/a:jenkins:git:3.0.2:beta-2:~~~jenkins~~ cpe:/a:jenkins:git:3.0.3::~~~jenkins~~ cpe:/a:jenkins:git:3.0.4::~~~jenkins~~ cpe:/a:jenkins:git:3.0.5::~~~jenkins~~ cpe:/a:jenkins:git:3.1.0::~~~jenkins~~ cpe:/a:jenkins:git:3.2.0::~~~jenkins~~ cpe:/a:jenkins:git:3.3.0::~~~jenkins~~ cpe:/a:jenkins:git:3.3.1::~~~jenkins~~ cpe:/a:jenkins:git:3.4.0:alpha-1:~~~jenkins~~ cpe:/a:jenkins:git:3.4.0:alpha-4:~~~jenkins~~ cpe:/a:jenkins:git:3.4.0:beta-1:~~~jenkins~~

CVE-2017-1000092

2017-10-04T21:29:03.773-04:00

2017-10-17T13:02:44.023-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T10:03:51.607-04:00

BID 100435 CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.

cpe:/a:jenkins:poll_scm:1.3.1::~~~jenkins~~

CVE-2017-1000093

2017-10-04T21:29:03.807-04:00

2017-10-17T10:18:04.983-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-10-17T10:04:14.373-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.

cpe:/a:jenkins:docker_commons:1.9::~~~jenkins~~

CVE-2017-1000094

2017-10-04T21:29:03.853-04:00

2017-10-17T10:14:05.713-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T10:04:46.340-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.

cpe:/a:jenkins:script_security:1.34::~~~jenkins~~

CVE-2017-1000095

2017-10-04T21:29:03.883-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-16T13:02:24.333-04:00

CONFIRM https://jenkins.io/security/advisory/2017-07-10/ The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object).

cpe:/a:jenkins:pipeline%3a_groovy:2.36::~~~jenkins~~

CVE-2017-1000096

2017-10-04T21:29:03.917-04:00

2019-10-02T20:03:26.223-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2019-07-01T13:19:28.433-04:00

BID 99571 CONFIRM https://jenkins.io/security/advisory/2017-07-10/ Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

cpe:/a:golang:go:1.6.3 cpe:/a:golang:go:1.7.3

CVE-2017-1000097

2017-10-04T21:29:03.947-04:00

2018-08-13T17:47:55.557-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM https://github.com/golang/go/issues/18141 CONFIRM https://go-review.googlesource.com/c/33721/ CONFIRM https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

cpe:/a:golang:go:1.6.3 cpe:/a:golang:go:1.7.3

CVE-2017-1000098

2017-10-04T21:29:03.977-04:00

2018-08-13T17:47:55.667-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://golang.org/cl/30410 CONFIRM https://golang.org/issue/17965 CONFIRM https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.

cpe:/a:haxx:libcurl:7.54.1

CVE-2017-1000099

2017-10-04T21:29:04.023-04:00

2017-11-01T15:23:23.233-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-13T09:28:15.657-04:00

BID 100281 SECTRACK 1039119 CONFIRM https://curl.haxx.se/0809C.patch MISC https://curl.haxx.se/docs/adv_20170809C.html GENTOO GLSA-201709-14 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.

cpe:/a:oracle:hospitality_simphony:1.7.1::~~first~~~

CVE-2017-10001

2017-08-08T11:29:00.227-04:00

2019-10-02T20:03:26.223-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-08-10T11:17:20.623-04:00

CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html SECTRACK 1038941 Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 1.7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony First Edition. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).

cpe:/a:haxx:libcurl:7.15.0 cpe:/a:haxx:libcurl:7.15.1 cpe:/a:haxx:libcurl:7.15.2 cpe:/a:haxx:libcurl:7.15.3 cpe:/a:haxx:libcurl:7.15.4 cpe:/a:haxx:libcurl:7.15.5 cpe:/a:haxx:libcurl:7.16.0 cpe:/a:haxx:libcurl:7.16.1 cpe:/a:haxx:libcurl:7.16.2 cpe:/a:haxx:libcurl:7.16.3 cpe:/a:haxx:libcurl:7.16.4 cpe:/a:haxx:libcurl:7.17.0 cpe:/a:haxx:libcurl:7.17.1 cpe:/a:haxx:libcurl:7.18.0 cpe:/a:haxx:libcurl:7.18.1 cpe:/a:haxx:libcurl:7.18.2 cpe:/a:haxx:libcurl:7.19.0 cpe:/a:haxx:libcurl:7.19.1 cpe:/a:haxx:libcurl:7.19.2 cpe:/a:haxx:libcurl:7.19.3 cpe:/a:haxx:libcurl:7.19.4 cpe:/a:haxx:libcurl:7.19.5 cpe:/a:haxx:libcurl:7.19.6 cpe:/a:haxx:libcurl:7.19.7 cpe:/a:haxx:libcurl:7.20.0 cpe:/a:haxx:libcurl:7.20.1 cpe:/a:haxx:libcurl:7.21.0 cpe:/a:haxx:libcurl:7.21.1 cpe:/a:haxx:libcurl:7.21.2 cpe:/a:haxx:libcurl:7.21.3 cpe:/a:haxx:libcurl:7.21.4 cpe:/a:haxx:libcurl:7.21.5 cpe:/a:haxx:libcurl:7.21.6 cpe:/a:haxx:libcurl:7.21.7 cpe:/a:haxx:libcurl:7.22.0 cpe:/a:haxx:libcurl:7.23.0 cpe:/a:haxx:libcurl:7.23.1 cpe:/a:haxx:libcurl:7.24.0 cpe:/a:haxx:libcurl:7.25.0 cpe:/a:haxx:libcurl:7.26.0 cpe:/a:haxx:libcurl:7.27.0 cpe:/a:haxx:libcurl:7.28.0 cpe:/a:haxx:libcurl:7.28.1 cpe:/a:haxx:libcurl:7.29.0 cpe:/a:haxx:libcurl:7.30.0 cpe:/a:haxx:libcurl:7.31.0 cpe:/a:haxx:libcurl:7.32.0 cpe:/a:haxx:libcurl:7.33.0 cpe:/a:haxx:libcurl:7.34.0 cpe:/a:haxx:libcurl:7.35.0 cpe:/a:haxx:libcurl:7.36.0 cpe:/a:haxx:libcurl:7.37.0 cpe:/a:haxx:libcurl:7.37.1 cpe:/a:haxx:libcurl:7.38.0 cpe:/a:haxx:libcurl:7.39 cpe:/a:haxx:libcurl:7.40.0 cpe:/a:haxx:libcurl:7.41.0 cpe:/a:haxx:libcurl:7.42.0 cpe:/a:haxx:libcurl:7.42.1 cpe:/a:haxx:libcurl:7.43.0 cpe:/a:haxx:libcurl:7.44.0 cpe:/a:haxx:libcurl:7.45.0 cpe:/a:haxx:libcurl:7.46.0 cpe:/a:haxx:libcurl:7.47.0 cpe:/a:haxx:libcurl:7.47.1 cpe:/a:haxx:libcurl:7.48.0 cpe:/a:haxx:libcurl:7.49.0 cpe:/a:haxx:libcurl:7.49.1 cpe:/a:haxx:libcurl:7.50.0 cpe:/a:haxx:libcurl:7.50.1 cpe:/a:haxx:libcurl:7.50.2 cpe:/a:haxx:libcurl:7.50.3 cpe:/a:haxx:libcurl:7.51.0 cpe:/a:haxx:libcurl:7.52.0 cpe:/a:haxx:libcurl:7.52.1 cpe:/a:haxx:libcurl:7.53.0 cpe:/a:haxx:libcurl:7.53.1 cpe:/a:haxx:libcurl:7.54.0 cpe:/a:haxx:libcurl:7.54.1

CVE-2017-1000100

2017-10-04T21:29:04.057-04:00

2018-11-13T06:29:06.760-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov DEBIAN DSA-3992 BID 100286 SECTRACK 1039118 REDHAT RHSA-2018:3558 CONFIRM https://curl.haxx.se/docs/adv_20170809B.html GENTOO GLSA-201709-14 CONFIRM https://support.apple.com/HT208221 When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

cpe:/a:haxx:curl:7.4.1 cpe:/a:haxx:curl:7.35.0 cpe:/a:haxx:curl:7.36.0 cpe:/a:haxx:curl:7.37.0 cpe:/a:haxx:curl:7.37.1 cpe:/a:haxx:curl:7.38.0 cpe:/a:haxx:curl:7.39.0 cpe:/a:haxx:curl:7.40.0 cpe:/a:haxx:curl:7.41.0 cpe:/a:haxx:curl:7.42.0 cpe:/a:haxx:curl:7.42.1 cpe:/a:haxx:curl:7.43.0 cpe:/a:haxx:curl:7.44.0 cpe:/a:haxx:curl:7.45.0 cpe:/a:haxx:curl:7.46.0 cpe:/a:haxx:curl:7.47.0 cpe:/a:haxx:curl:7.47.1 cpe:/a:haxx:curl:7.48.0 cpe:/a:haxx:curl:7.49.0 cpe:/a:haxx:curl:7.49.1 cpe:/a:haxx:curl:7.50.0 cpe:/a:haxx:curl:7.50.1 cpe:/a:haxx:curl:7.50.2 cpe:/a:haxx:curl:7.50.3 cpe:/a:haxx:curl:7.51.0 cpe:/a:haxx:curl:7.52.0 cpe:/a:haxx:curl:7.52.1 cpe:/a:haxx:curl:7.53.0 cpe:/a:haxx:curl:7.53.1 cpe:/a:haxx:curl:7.54.0 cpe:/a:haxx:curl:7.54.1 cpe:/a:haxx:curl:7.55.0

CVE-2017-1000101

2017-10-04T21:29:04.103-04:00

2018-11-13T06:29:07.120-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov DEBIAN DSA-3992 BID 100249 SECTRACK 1039117 REDHAT RHSA-2018:3558 CONFIRM https://curl.haxx.se/docs/adv_20170809A.html GENTOO GLSA-201709-14 CONFIRM https://support.apple.com/HT208221 curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

cpe:/a:jenkins:static_analysis_utilities:1.91::~~~jenkins~~

CVE-2017-1000102

2017-10-04T21:29:04.133-04:00

2017-11-01T15:08:16.583-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T13:38:45.570-04:00

BID 101061 CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

cpe:/a:jenkins:dry:2.48::~~~jenkins~~

CVE-2017-1000103

2017-10-04T21:29:04.167-04:00

2017-11-01T15:16:14.107-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-01T15:10:12.637-04:00

BID 101061 CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

cpe:/a:jenkins:config_file_provider:2.16.1::~~~jenkins~~

CVE-2017-1000104

2017-10-04T21:29:04.213-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T15:03:15.453-04:00

CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files.

cpe:/a:jenkins:blue_ocean:1.1.5::~~~jenkins~~ cpe:/a:jenkins:blue_ocean:1.2.0:beta-1:~~~jenkins~~ cpe:/a:jenkins:blue_ocean:1.2.0:beta-2:~~~jenkins~~ cpe:/a:jenkins:blue_ocean:1.2.0:beta-3:~~~jenkins~~

CVE-2017-1000105

2017-10-04T21:29:04.243-04:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T14:02:23.917-04:00

CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

cpe:/a:jenkins:blue_ocean:1.1.5::~~~jenkins~~ cpe:/a:jenkins:blue_ocean:1.2.0:beta1:~~~jenkins~~ cpe:/a:jenkins:blue_ocean:1.2.0:beta2:~~~jenkins~~ cpe:/a:jenkins:blue_ocean:1.2.0:beta3:~~~jenkins~~

CVE-2017-1000106

2017-10-04T21:29:04.273-04:00

2019-10-02T20:03:26.223-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2019-06-06T13:46:14.197-04:00

CONFIRM https://jenkins.io/security/advisory/2017-08-07/ Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.

cpe:/a:jenkins:script_security:1.30::~~~jenkins~~

CVE-2017-1000107

2017-10-04T21:29:04.307-04:00

2019-10-02T20:03:26.223-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-10-17T11:49:56.270-04:00

CONFIRM https://jenkins.io/security/advisory/2017-08-07/ Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

cpe:/a:jenkins:pipeline-input-step:2.0::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.1::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.2::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.3::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.4::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.5::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.6::~~~jenkins~~ cpe:/a:jenkins:pipeline-input-step:2.7::~~~jenkins~~

CVE-2017-1000108

2017-10-04T21:29:04.337-04:00

2017-11-01T09:54:00.067-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-06-11T15:16:25.737-04:00

CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.

cpe:/a:jenkins:owasp_dependency-check:1.0.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.1.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.3::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.4::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.4.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.5::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.7::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.0.8::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.0::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.1.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.1.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.3::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.4::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.1.4.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.0::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.3::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.3.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.3.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.4::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.5::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.6::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.7::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.7.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.8::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.9::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.10::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.11::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.2.11.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.0::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.1.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.1.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.3::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.4::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.5::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.3.6::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.4.0::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.4.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.4.2::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.4.3::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.4.4::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:1.4.5::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:2.0.0::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:2.0.1::~~~jenkins~~ cpe:/a:jenkins:owasp_dependency-check:2.0.1.1::~~~jenkins~~

CVE-2017-1000109

2017-10-04T21:29:04.367-04:00

2017-10-19T16:52:57.747-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T13:42:25.077-04:00

BID 100227 CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

CVE-2017-1000110

2017-10-04T21:29:04.400-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T12:26:54.827-04:00

cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:linux:linux_kernel:4.12.3 cpe:/o:redhat:enterprise_linux:5.0 cpe:/o:redhat:enterprise_linux:6.0 cpe:/o:redhat:enterprise_linux:7.0 cpe:/o:redhat:enterprise_linux_desktop:6.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:6.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:6.0 cpe:/o:redhat:enterprise_linux_workstation:7.0 cpe:/o:redhat:virtualization:4.0

CVE-2017-1000111

2017-10-04T21:29:04.430-04:00

2019-10-02T20:03:26.223-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-04-23T13:16:25.357-04:00

DEBIAN DSA-3981 BID 100267 SECTRACK 1039132 REDHAT RHSA-2017:2918 REDHAT RHSA-2017:2930 REDHAT RHSA-2017:2931 REDHAT RHSA-2017:3200 CONFIRM https://access.redhat.com/security/cve/cve-2017-1000111 Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.

cpe:/o:linux:linux_kernel:4.13.9

CVE-2017-1000112

2017-10-04T21:29:04.477-04:00

2018-08-05T21:29:00.380-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MLIST [oss-security] 20170810 Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch DEBIAN DSA-3981 BID 100262 SECTRACK 1039162 REDHAT RHSA-2017:2918 REDHAT RHSA-2017:2930 REDHAT RHSA-2017:2931 REDHAT RHSA-2017:3200 REDHAT RHSA-2019:1931 REDHAT RHSA-2019:1932 MISC https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-1000112 EXPLOIT-DB 45147 Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.

cpe:/a:jenkins:deploy:1.12::~~~jenkins~~

CVE-2017-1000113

2017-10-04T21:29:04.510-04:00

2019-06-11T16:19:05.933-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-06-06T13:24:45.097-04:00

CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.

cpe:/a:jenkins:datadog:0.5.6::~~~jenkins~~

CVE-2017-1000114

2017-10-04T21:29:04.540-04:00

2017-10-17T12:28:14.470-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-10-17T12:20:27.433-04:00

BID 100223 CONFIRM https://jenkins.io/security/advisory/2017-08-07/ The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.

cpe:/a:mercurial:mercurial:1.6.0 cpe:/a:mercurial:mercurial:1.6.1 cpe:/a:mercurial:mercurial:1.6.2 cpe:/a:mercurial:mercurial:1.6.3 cpe:/a:mercurial:mercurial:1.6.4 cpe:/a:mercurial:mercurial:1.7.0 cpe:/a:mercurial:mercurial:1.7.1 cpe:/a:mercurial:mercurial:1.7.2 cpe:/a:mercurial:mercurial:1.7.3 cpe:/a:mercurial:mercurial:1.7.4 cpe:/a:mercurial:mercurial:1.7.5 cpe:/a:mercurial:mercurial:1.8.0 cpe:/a:mercurial:mercurial:1.8.1 cpe:/a:mercurial:mercurial:1.8.2 cpe:/a:mercurial:mercurial:1.8.3 cpe:/a:mercurial:mercurial:1.8.4 cpe:/a:mercurial:mercurial:1.9.0 cpe:/a:mercurial:mercurial:1.9.1 cpe:/a:mercurial:mercurial:1.9.2 cpe:/a:mercurial:mercurial:1.9.3 cpe:/a:mercurial:mercurial:2.0.0 cpe:/a:mercurial:mercurial:2.0.1 cpe:/a:mercurial:mercurial:2.0.2 cpe:/a:mercurial:mercurial:2.1.0 cpe:/a:mercurial:mercurial:2.1.1 cpe:/a:mercurial:mercurial:2.1.2 cpe:/a:mercurial:mercurial:2.2.0 cpe:/a:mercurial:mercurial:2.2.1 cpe:/a:mercurial:mercurial:2.2.2 cpe:/a:mercurial:mercurial:2.2.3 cpe:/a:mercurial:mercurial:2.3.0 cpe:/a:mercurial:mercurial:2.3.1 cpe:/a:mercurial:mercurial:2.3.2 cpe:/a:mercurial:mercurial:2.4.0 cpe:/a:mercurial:mercurial:2.4.1 cpe:/a:mercurial:mercurial:2.4.2 cpe:/a:mercurial:mercurial:2.5.0 cpe:/a:mercurial:mercurial:2.5.1 cpe:/a:mercurial:mercurial:2.5.2 cpe:/a:mercurial:mercurial:2.5.3 cpe:/a:mercurial:mercurial:2.5.4 cpe:/a:mercurial:mercurial:2.6.0 cpe:/a:mercurial:mercurial:2.6.1 cpe:/a:mercurial:mercurial:2.6.2 cpe:/a:mercurial:mercurial:2.6.3 cpe:/a:mercurial:mercurial:2.7.0 cpe:/a:mercurial:mercurial:2.7.1 cpe:/a:mercurial:mercurial:2.7.2 cpe:/a:mercurial:mercurial:2.8.0 cpe:/a:mercurial:mercurial:2.8.1 cpe:/a:mercurial:mercurial:2.8.2 cpe:/a:mercurial:mercurial:2.9.0 cpe:/a:mercurial:mercurial:2.9.1 cpe:/a:mercurial:mercurial:2.9.2 cpe:/a:mercurial:mercurial:3.0.0 cpe:/a:mercurial:mercurial:3.0.1 cpe:/a:mercurial:mercurial:3.0.2 cpe:/a:mercurial:mercurial:3.1.0 cpe:/a:mercurial:mercurial:3.1.1 cpe:/a:mercurial:mercurial:3.1.2 cpe:/a:mercurial:mercurial:3.2.0 cpe:/a:mercurial:mercurial:3.2.1 cpe:/a:mercurial:mercurial:3.2.2 cpe:/a:mercurial:mercurial:3.2.3 cpe:/a:mercurial:mercurial:3.2.4 cpe:/a:mercurial:mercurial:3.3.0 cpe:/a:mercurial:mercurial:3.3.1 cpe:/a:mercurial:mercurial:3.3.2 cpe:/a:mercurial:mercurial:3.3.3 cpe:/a:mercurial:mercurial:3.4.0 cpe:/a:mercurial:mercurial:3.4.1 cpe:/a:mercurial:mercurial:3.4.2 cpe:/a:mercurial:mercurial:3.5.0 cpe:/a:mercurial:mercurial:3.5.1 cpe:/a:mercurial:mercurial:3.5.2 cpe:/a:mercurial:mercurial:3.6.0 cpe:/a:mercurial:mercurial:3.6.1 cpe:/a:mercurial:mercurial:3.6.2 cpe:/a:mercurial:mercurial:3.6.3 cpe:/a:mercurial:mercurial:3.7.0 cpe:/a:mercurial:mercurial:3.7.1 cpe:/a:mercurial:mercurial:3.7.2 cpe:/a:mercurial:mercurial:3.7.3 cpe:/a:mercurial:mercurial:3.8.0 cpe:/a:mercurial:mercurial:3.8.1 cpe:/a:mercurial:mercurial:3.8.2 cpe:/a:mercurial:mercurial:3.8.3 cpe:/a:mercurial:mercurial:3.8.4 cpe:/a:mercurial:mercurial:3.9.0 cpe:/a:mercurial:mercurial:3.9.1 cpe:/a:mercurial:mercurial:3.9.2 cpe:/a:mercurial:mercurial:4.0 cpe:/a:mercurial:mercurial:4.0.1 cpe:/a:mercurial:mercurial:4.0.2 cpe:/a:mercurial:mercurial:4.1 cpe:/a:mercurial:mercurial:4.1.0 cpe:/a:mercurial:mercurial:4.1.1 cpe:/a:mercurial:mercurial:4.1.2 cpe:/a:mercurial:mercurial:4.1.3 cpe:/a:mercurial:mercurial:4.2 cpe:/a:mercurial:mercurial:4.2.0 cpe:/a:mercurial:mercurial:4.2.1 cpe:/a:mercurial:mercurial:4.2.2 cpe:/a:mercurial:mercurial:4.2.3 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0

CVE-2017-1000115

2017-10-04T21:29:04.587-04:00

2019-05-10T10:58:45.640-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2019-04-30T12:22:35.067-04:00

DEBIAN DSA-3963 BID 100290 REDHAT RHSA-2017:2489 GENTOO GLSA-201709-18 CONFIRM https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29 Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

CVE-2017-1000116

2017-10-04T21:29:04.617-04:00

2019-10-02T20:03:26.223-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-04-30T12:34:18.050-04:00

DEBIAN DSA-3963 BID 100290 REDHAT RHSA-2017:2489 GENTOO GLSA-201709-18 CONFIRM https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29 Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

cpe:/a:git-scm:git:2.7.5 cpe:/a:git-scm:git:2.8.0 cpe:/a:git-scm:git:2.8.0:rc0 cpe:/a:git-scm:git:2.8.0:rc1 cpe:/a:git-scm:git:2.8.0:rc2 cpe:/a:git-scm:git:2.8.0:rc3 cpe:/a:git-scm:git:2.8.1 cpe:/a:git-scm:git:2.8.2 cpe:/a:git-scm:git:2.8.3 cpe:/a:git-scm:git:2.8.4 cpe:/a:git-scm:git:2.8.5 cpe:/a:git-scm:git:2.9.0 cpe:/a:git-scm:git:2.9.0:rc0 cpe:/a:git-scm:git:2.9.0:rc1 cpe:/a:git-scm:git:2.9.0:rc2 cpe:/a:git-scm:git:2.9.1 cpe:/a:git-scm:git:2.9.2 cpe:/a:git-scm:git:2.9.3 cpe:/a:git-scm:git:2.9.4 cpe:/a:git-scm:git:2.10.0 cpe:/a:git-scm:git:2.10.0:rc0 cpe:/a:git-scm:git:2.10.0:rc1 cpe:/a:git-scm:git:2.10.0:rc2 cpe:/a:git-scm:git:2.10.1 cpe:/a:git-scm:git:2.10.2 cpe:/a:git-scm:git:2.10.3 cpe:/a:git-scm:git:2.11.0 cpe:/a:git-scm:git:2.11.0:rc0 cpe:/a:git-scm:git:2.11.0:rc1 cpe:/a:git-scm:git:2.11.0:rc2 cpe:/a:git-scm:git:2.11.0:rc3 cpe:/a:git-scm:git:2.11.1 cpe:/a:git-scm:git:2.11.2 cpe:/a:git-scm:git:2.12.0 cpe:/a:git-scm:git:2.12.0:rc0 cpe:/a:git-scm:git:2.12.0:rc1 cpe:/a:git-scm:git:2.12.0:rc2 cpe:/a:git-scm:git:2.12.1 cpe:/a:git-scm:git:2.12.2 cpe:/a:git-scm:git:2.12.3 cpe:/a:git-scm:git:2.13.0 cpe:/a:git-scm:git:2.13.0:rc0 cpe:/a:git-scm:git:2.13.0:rc1 cpe:/a:git-scm:git:2.13.0:rc2 cpe:/a:git-scm:git:2.13.1 cpe:/a:git-scm:git:2.13.2 cpe:/a:git-scm:git:2.13.3 cpe:/a:git-scm:git:2.13.4 cpe:/a:git-scm:git:2.14.0 cpe:/a:git-scm:git:2.14.0:rc0 cpe:/a:git-scm:git:2.14.0:rc1

CVE-2017-1000117

2017-10-04T21:29:04.650-04:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov DEBIAN DSA-3934 BID 100283 SECTRACK 1039131 REDHAT RHSA-2017:2484 REDHAT RHSA-2017:2485 REDHAT RHSA-2017:2491 REDHAT RHSA-2017:2674 REDHAT RHSA-2017:2675 GENTOO GLSA-201709-10 CONFIRM https://support.apple.com/HT208103 EXPLOIT-DB 42599 MISC https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

cpe:/a:akka:http_server:10.0.5

CVE-2017-1000118

2017-10-04T21:29:04.697-04:00

2017-10-13T14:07:51.923-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-10-12T21:37:24.710-04:00

CONFIRM https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service

cpe:/a:octobercms:october_cms:1.0.412

CVE-2017-1000119

2017-10-04T21:29:04.727-04:00

2019-09-06T20:15:10.710-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov CONFIRM http://octobercms.com/support/article/rn-8 MISC http://packetstormsecurity.com/files/154390/October-CMS-Upload-Protection-Bypass-Code-Execution.html October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

cpe:/a:frappe:frappe:7.1.27

CVE-2017-1000120

2017-10-04T21:29:04.760-04:00

2017-10-13T09:36:47.520-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-10-12T17:25:59.873-04:00

MISC http://tech.mantz-it.com/2016/12/sql-injection-in-frappe-framework.html [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.

cpe:/a:webkitgtk:webkitgtk%2b:1.1.1 cpe:/a:webkitgtk:webkitgtk%2b:1.1.3 cpe:/a:webkitgtk:webkitgtk%2b:1.1.4 cpe:/a:webkitgtk:webkitgtk%2b:1.1.5 cpe:/a:webkitgtk:webkitgtk%2b:1.1.6 cpe:/a:webkitgtk:webkitgtk%2b:1.1.7 cpe:/a:webkitgtk:webkitgtk%2b:1.1.8 cpe:/a:webkitgtk:webkitgtk%2b:1.1.9 cpe:/a:webkitgtk:webkitgtk%2b:1.1.10 cpe:/a:webkitgtk:webkitgtk%2b:1.1.11 cpe:/a:webkitgtk:webkitgtk%2b:1.1.12 cpe:/a:webkitgtk:webkitgtk%2b:1.1.13 cpe:/a:webkitgtk:webkitgtk%2b:1.1.14 cpe:/a:webkitgtk:webkitgtk%2b:1.1.15 cpe:/a:webkitgtk:webkitgtk%2b:1.1.15.1 cpe:/a:webkitgtk:webkitgtk%2b:1.1.15.2 cpe:/a:webkitgtk:webkitgtk%2b:1.1.15.3 cpe:/a:webkitgtk:webkitgtk%2b:1.1.15.4 cpe:/a:webkitgtk:webkitgtk%2b:1.1.16 cpe:/a:webkitgtk:webkitgtk%2b:1.1.17 cpe:/a:webkitgtk:webkitgtk%2b:1.1.18 cpe:/a:webkitgtk:webkitgtk%2b:1.1.19 cpe:/a:webkitgtk:webkitgtk%2b:1.1.20 cpe:/a:webkitgtk:webkitgtk%2b:1.1.21 cpe:/a:webkitgtk:webkitgtk%2b:1.1.22 cpe:/a:webkitgtk:webkitgtk%2b:1.1.23 cpe:/a:webkitgtk:webkitgtk%2b:1.1.90 cpe:/a:webkitgtk:webkitgtk%2b:1.2.0 cpe:/a:webkitgtk:webkitgtk%2b:1.2.1 cpe:/a:webkitgtk:webkitgtk%2b:1.2.2 cpe:/a:webkitgtk:webkitgtk%2b:1.2.3 cpe:/a:webkitgtk:webkitgtk%2b:1.2.4 cpe:/a:webkitgtk:webkitgtk%2b:1.2.5 cpe:/a:webkitgtk:webkitgtk%2b:1.2.6 cpe:/a:webkitgtk:webkitgtk%2b:1.2.7 cpe:/a:webkitgtk:webkitgtk%2b:1.3.1 cpe:/a:webkitgtk:webkitgtk%2b:1.3.2 cpe:/a:webkitgtk:webkitgtk%2b:1.3.3 cpe:/a:webkitgtk:webkitgtk%2b:1.3.4 cpe:/a:webkitgtk:webkitgtk%2b:1.3.5 cpe:/a:webkitgtk:webkitgtk%2b:1.3.6 cpe:/a:webkitgtk:webkitgtk%2b:1.3.7 cpe:/a:webkitgtk:webkitgtk%2b:1.3.8 cpe:/a:webkitgtk:webkitgtk%2b:1.3.9 cpe:/a:webkitgtk:webkitgtk%2b:1.3.10 cpe:/a:webkitgtk:webkitgtk%2b:1.3.11 cpe:/a:webkitgtk:webkitgtk%2b:1.3.12 cpe:/a:webkitgtk:webkitgtk%2b:1.3.13 cpe:/a:webkitgtk:webkitgtk%2b:1.4.0 cpe:/a:webkitgtk:webkitgtk%2b:1.4.1 cpe:/a:webkitgtk:webkitgtk%2b:1.4.2 cpe:/a:webkitgtk:webkitgtk%2b:1.4.3 cpe:/a:webkitgtk:webkitgtk%2b:1.5.1 cpe:/a:webkitgtk:webkitgtk%2b:1.5.2 cpe:/a:webkitgtk:webkitgtk%2b:1.5.90 cpe:/a:webkitgtk:webkitgtk%2b:1.6.0 cpe:/a:webkitgtk:webkitgtk%2b:1.6.1 cpe:/a:webkitgtk:webkitgtk%2b:1.6.2 cpe:/a:webkitgtk:webkitgtk%2b:1.6.3 cpe:/a:webkitgtk:webkitgtk%2b:1.7.1 cpe:/a:webkitgtk:webkitgtk%2b:1.7.2 cpe:/a:webkitgtk:webkitgtk%2b:1.7.3 cpe:/a:webkitgtk:webkitgtk%2b:1.7.4 cpe:/a:webkitgtk:webkitgtk%2b:1.7.5 cpe:/a:webkitgtk:webkitgtk%2b:1.7.90 cpe:/a:webkitgtk:webkitgtk%2b:1.7.91 cpe:/a:webkitgtk:webkitgtk%2b:1.7.92 cpe:/a:webkitgtk:webkitgtk%2b:1.8.0 cpe:/a:webkitgtk:webkitgtk%2b:1.8.1 cpe:/a:webkitgtk:webkitgtk%2b:1.8.2 cpe:/a:webkitgtk:webkitgtk%2b:1.8.3 cpe:/a:webkitgtk:webkitgtk%2b:1.9.1 cpe:/a:webkitgtk:webkitgtk%2b:1.9.2 cpe:/a:webkitgtk:webkitgtk%2b:1.9.3 cpe:/a:webkitgtk:webkitgtk%2b:1.9.4 cpe:/a:webkitgtk:webkitgtk%2b:1.9.5 cpe:/a:webkitgtk:webkitgtk%2b:1.9.6 cpe:/a:webkitgtk:webkitgtk%2b:1.9.90 cpe:/a:webkitgtk:webkitgtk%2b:1.9.91 cpe:/a:webkitgtk:webkitgtk%2b:1.9.92 cpe:/a:webkitgtk:webkitgtk%2b:1.10.0 cpe:/a:webkitgtk:webkitgtk%2b:1.10.1 cpe:/a:webkitgtk:webkitgtk%2b:1.10.2 cpe:/a:webkitgtk:webkitgtk%2b:1.11.1 cpe:/a:webkitgtk:webkitgtk%2b:1.11.2 cpe:/a:webkitgtk:webkitgtk%2b:1.11.4 cpe:/a:webkitgtk:webkitgtk%2b:1.11.5 cpe:/a:webkitgtk:webkitgtk%2b:1.11.90 cpe:/a:webkitgtk:webkitgtk%2b:1.11.91 cpe:/a:webkitgtk:webkitgtk%2b:1.11.92 cpe:/a:webkitgtk:webkitgtk%2b:2.0.0 cpe:/a:webkitgtk:webkitgtk%2b:2.0.1 cpe:/a:webkitgtk:webkitgtk%2b:2.0.2 cpe:/a:webkitgtk:webkitgtk%2b:2.0.3 cpe:/a:webkitgtk:webkitgtk%2b:2.0.4 cpe:/a:webkitgtk:webkitgtk%2b:2.1.1 cpe:/a:webkitgtk:webkitgtk%2b:2.1.2 cpe:/a:webkitgtk:webkitgtk%2b:2.1.3 cpe:/a:webkitgtk:webkitgtk%2b:2.1.4 cpe:/a:webkitgtk:webkitgtk%2b:2.1.90 cpe:/a:webkitgtk:webkitgtk%2b:2.1.90.1 cpe:/a:webkitgtk:webkitgtk%2b:2.1.91 cpe:/a:webkitgtk:webkitgtk%2b:2.1.92 cpe:/a:webkitgtk:webkitgtk%2b:2.1.92a cpe:/a:webkitgtk:webkitgtk%2b:2.2.0 cpe:/a:webkitgtk:webkitgtk%2b:2.2.0a cpe:/a:webkitgtk:webkitgtk%2b:2.2.1 cpe:/a:webkitgtk:webkitgtk%2b:2.2.1a cpe:/a:webkitgtk:webkitgtk%2b:2.2.2 cpe:/a:webkitgtk:webkitgtk%2b:2.2.2a cpe:/a:webkitgtk:webkitgtk%2b:2.2.3 cpe:/a:webkitgtk:webkitgtk%2b:2.2.3a cpe:/a:webkitgtk:webkitgtk%2b:2.2.4 cpe:/a:webkitgtk:webkitgtk%2b:2.2.4a cpe:/a:webkitgtk:webkitgtk%2b:2.2.5 cpe:/a:webkitgtk:webkitgtk%2b:2.2.5a cpe:/a:webkitgtk:webkitgtk%2b:2.2.6 cpe:/a:webkitgtk:webkitgtk%2b:2.2.6a cpe:/a:webkitgtk:webkitgtk%2b:2.2.7 cpe:/a:webkitgtk:webkitgtk%2b:2.2.7a cpe:/a:webkitgtk:webkitgtk%2b:2.2.8 cpe:/a:webkitgtk:webkitgtk%2b:2.3.1 cpe:/a:webkitgtk:webkitgtk%2b:2.3.1a cpe:/a:webkitgtk:webkitgtk%2b:2.3.2 cpe:/a:webkitgtk:webkitgtk%2b:2.3.2a cpe:/a:webkitgtk:webkitgtk%2b:2.3.3 cpe:/a:webkitgtk:webkitgtk%2b:2.3.3a cpe:/a:webkitgtk:webkitgtk%2b:2.3.4 cpe:/a:webkitgtk:webkitgtk%2b:2.3.4a cpe:/a:webkitgtk:webkitgtk%2b:2.3.5 cpe:/a:webkitgtk:webkitgtk%2b:2.3.5a cpe:/a:webkitgtk:webkitgtk%2b:2.3.90 cpe:/a:webkitgtk:webkitgtk%2b:2.3.90a cpe:/a:webkitgtk:webkitgtk%2b:2.3.91 cpe:/a:webkitgtk:webkitgtk%2b:2.3.91a cpe:/a:webkitgtk:webkitgtk%2b:2.3.92 cpe:/a:webkitgtk:webkitgtk%2b:2.3.92a cpe:/a:webkitgtk:webkitgtk%2b:2.4.0 cpe:/a:webkitgtk:webkitgtk%2b:2.4.0a cpe:/a:webkitgtk:webkitgtk%2b:2.4.1 cpe:/a:webkitgtk:webkitgtk%2b:2.4.1a cpe:/a:webkitgtk:webkitgtk%2b:2.4.2 cpe:/a:webkitgtk:webkitgtk%2b:2.4.2a cpe:/a:webkitgtk:webkitgtk%2b:2.4.3 cpe:/a:webkitgtk:webkitgtk%2b:2.4.3a cpe:/a:webkitgtk:webkitgtk%2b:2.4.4 cpe:/a:webkitgtk:webkitgtk%2b:2.4.4a cpe:/a:webkitgtk:webkitgtk%2b:2.4.5 cpe:/a:webkitgtk:webkitgtk%2b:2.4.5a cpe:/a:webkitgtk:webkitgtk%2b:2.4.6 cpe:/a:webkitgtk:webkitgtk%2b:2.4.7 cpe:/a:webkitgtk:webkitgtk%2b:2.4.8 cpe:/a:webkitgtk:webkitgtk%2b:2.4.9 cpe:/a:webkitgtk:webkitgtk%2b:2.4.10 cpe:/a:webkitgtk:webkitgtk%2b:2.4.11 cpe:/a:webkitgtk:webkitgtk%2b:2.5.1 cpe:/a:webkitgtk:webkitgtk%2b:2.5.1a cpe:/a:webkitgtk:webkitgtk%2b:2.5.2 cpe:/a:webkitgtk:webkitgtk%2b:2.5.2a cpe:/a:webkitgtk:webkitgtk%2b:2.5.3 cpe:/a:webkitgtk:webkitgtk%2b:2.5.3a cpe:/a:webkitgtk:webkitgtk%2b:2.5.90 cpe:/a:webkitgtk:webkitgtk%2b:2.6.0 cpe:/a:webkitgtk:webkitgtk%2b:2.6.1 cpe:/a:webkitgtk:webkitgtk%2b:2.6.2 cpe:/a:webkitgtk:webkitgtk%2b:2.6.3 cpe:/a:webkitgtk:webkitgtk%2b:2.6.4 cpe:/a:webkitgtk:webkitgtk%2b:2.6.5 cpe:/a:webkitgtk:webkitgtk%2b:2.6.6 cpe:/a:webkitgtk:webkitgtk%2b:2.7.1 cpe:/a:webkitgtk:webkitgtk%2b:2.7.2 cpe:/a:webkitgtk:webkitgtk%2b:2.7.3 cpe:/a:webkitgtk:webkitgtk%2b:2.7.4 cpe:/a:webkitgtk:webkitgtk%2b:2.7.90 cpe:/a:webkitgtk:webkitgtk%2b:2.7.91 cpe:/a:webkitgtk:webkitgtk%2b:2.7.92 cpe:/a:webkitgtk:webkitgtk%2b:2.8.0 cpe:/a:webkitgtk:webkitgtk%2b:2.8.1 cpe:/a:webkitgtk:webkitgtk%2b:2.8.2 cpe:/a:webkitgtk:webkitgtk%2b:2.8.3 cpe:/a:webkitgtk:webkitgtk%2b:2.8.4 cpe:/a:webkitgtk:webkitgtk%2b:2.8.5 cpe:/a:webkitgtk:webkitgtk%2b:2.9.1 cpe:/a:webkitgtk:webkitgtk%2b:2.9.2 cpe:/a:webkitgtk:webkitgtk%2b:2.9.3 cpe:/a:webkitgtk:webkitgtk%2b:2.9.4 cpe:/a:webkitgtk:webkitgtk%2b:2.9.5 cpe:/a:webkitgtk:webkitgtk%2b:2.9.90 cpe:/a:webkitgtk:webkitgtk%2b:2.9.91 cpe:/a:webkitgtk:webkitgtk%2b:2.9.92 cpe:/a:webkitgtk:webkitgtk%2b:2.10.0 cpe:/a:webkitgtk:webkitgtk%2b:2.10.1 cpe:/a:webkitgtk:webkitgtk%2b:2.10.2 cpe:/a:webkitgtk:webkitgtk%2b:2.10.3 cpe:/a:webkitgtk:webkitgtk%2b:2.10.4 cpe:/a:webkitgtk:webkitgtk%2b:2.10.5 cpe:/a:webkitgtk:webkitgtk%2b:2.10.6 cpe:/a:webkitgtk:webkitgtk%2b:2.10.7 cpe:/a:webkitgtk:webkitgtk%2b:2.10.8 cpe:/a:webkitgtk:webkitgtk%2b:2.10.9 cpe:/a:webkitgtk:webkitgtk%2b:2.11.1 cpe:/a:webkitgtk:webkitgtk%2b:2.11.2 cpe:/a:webkitgtk:webkitgtk%2b:2.11.3 cpe:/a:webkitgtk:webkitgtk%2b:2.11.4 cpe:/a:webkitgtk:webkitgtk%2b:2.11.5 cpe:/a:webkitgtk:webkitgtk%2b:2.11.90 cpe:/a:webkitgtk:webkitgtk%2b:2.11.91 cpe:/a:webkitgtk:webkitgtk%2b:2.11.92 cpe:/a:webkitgtk:webkitgtk%2b:2.12.0 cpe:/a:webkitgtk:webkitgtk%2b:2.12.1 cpe:/a:webkitgtk:webkitgtk%2b:2.12.2 cpe:/a:webkitgtk:webkitgtk%2b:2.12.3 cpe:/a:webkitgtk:webkitgtk%2b:2.12.4 cpe:/a:webkitgtk:webkitgtk%2b:2.12.5 cpe:/a:webkitgtk:webkitgtk%2b:2.13.1 cpe:/a:webkitgtk:webkitgtk%2b:2.13.2 cpe:/a:webkitgtk:webkitgtk%2b:2.13.3 cpe:/a:webkitgtk:webkitgtk%2b:2.13.4 cpe:/a:webkitgtk:webkitgtk%2b:2.13.90 cpe:/a:webkitgtk:webkitgtk%2b:2.13.91 cpe:/a:webkitgtk:webkitgtk%2b:2.13.92 cpe:/a:webkitgtk:webkitgtk%2b:2.14.0 cpe:/a:webkitgtk:webkitgtk%2b:2.14.1 cpe:/a:webkitgtk:webkitgtk%2b:2.14.2 cpe:/a:webkitgtk:webkitgtk%2b:2.14.3 cpe:/a:webkitgtk:webkitgtk%2b:2.14.4 cpe:/a:webkitgtk:webkitgtk%2b:2.14.5 cpe:/a:webkitgtk:webkitgtk%2b:2.14.6 cpe:/a:webkitgtk:webkitgtk%2b:2.14.7 cpe:/a:webkitgtk:webkitgtk%2b:2.15.1 cpe:/a:webkitgtk:webkitgtk%2b:2.15.2 cpe:/a:webkitgtk:webkitgtk%2b:2.15.3 cpe:/a:webkitgtk:webkitgtk%2b:2.15.4 cpe:/a:webkitgtk:webkitgtk%2b:2.15.90 cpe:/a:webkitgtk:webkitgtk%2b:2.15.91 cpe:/a:webkitgtk:webkitgtk%2b:2.15.92 cpe:/a:webkitgtk:webkitgtk%2b:2.16.0 cpe:/a:webkitgtk:webkitgtk%2b:2.16.1 cpe:/a:webkitgtk:webkitgtk%2b:2.16.2

CVE-2017-1000121

2017-11-01T17:29:00.280-04:00

2017-11-21T14:22:16.807-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-21T14:12:50.233-05:00

CONFIRM http://trac.webkit.org/changeset/217126/webkit MISC https://webkitgtk.org/security/WSA-2017-0007.html The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

CVE-2017-1000122

2017-11-01T17:29:00.310-04:00

2017-11-21T14:18:24.927-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-02-22T23:57:00.667-05:00

CONFIRM http://trac.webkit.org/changeset/217206 MISC https://webkitgtk.org/security/WSA-2017-0007.html The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.

CVE-2017-1000123

2017-08-20T20:29:00.187-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12425. Reason: This candidate is a reservation duplicate of CVE-2017-12425. Notes: All CVE users should reference CVE-2017-12425 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000124

2017-08-20T21:29:00.343-04:00

2017-08-20T21:29:00.357-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candidate is a reservation duplicate of CVE-2017-11366. Notes: All CVE users should reference CVE-2017-11366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:codiad:codiad:-

CVE-2017-1000125

2017-11-17T00:29:00.203-05:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-04T14:43:06.207-05:00

MISC http://www.jianshu.com/p/b09d20af2374 Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.

cpe:/a:exiv2:exiv2:0.26

CVE-2017-1000126

2017-11-17T17:29:00.220-05:00

2017-11-29T14:10:26.193-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-28T14:22:29.287-05:00

MLIST [oss-security] 20170630 exiv2: multiple memory safety issues exiv2 0.26 contains a Stack out of bounds read in webp parser

cpe:/a:exiv2:exiv2:0.26

CVE-2017-1000127

2017-11-17T17:29:00.267-05:00

2017-11-29T14:11:43.990-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-28T14:22:18.973-05:00

MLIST [oss-security] 20170630 exiv2: multiple memory safety issues Exiv2 0.26 contains a heap buffer overflow in tiff parser

cpe:/a:exiv2:exiv2:0.26

CVE-2017-1000128

2017-11-17T17:29:00.300-05:00

2017-11-29T14:13:09.633-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-28T14:21:35.503-05:00

MLIST [oss-security] 20170630 exiv2: multiple memory safety issues Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser

cpe:/a:s9y:serendipity:2.0.3

CVE-2017-1000129

2017-11-17T00:29:00.250-05:00

2017-11-29T14:13:32.587-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-29T11:10:57.257-05:00

MISC https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure

CVE-2017-1000131

2017-11-03T14:29:00.200-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-12T19:16:34.200-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1084336 Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.

cpe:/a:mahara:mahara:1.8:rc1 cpe:/a:mahara:mahara:1.8:rc2 cpe:/a:mahara:mahara:1.8.0 cpe:/a:mahara:mahara:1.8.1 cpe:/a:mahara:mahara:1.8.2 cpe:/a:mahara:mahara:1.8.3 cpe:/a:mahara:mahara:1.8.4 cpe:/a:mahara:mahara:1.8.5 cpe:/a:mahara:mahara:1.8.6 cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.9.4 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2

CVE-2017-1000132

2017-11-03T14:29:00.230-04:00

2017-11-15T08:41:12.957-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T18:11:55.967-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1190788 Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.

CVE-2017-1000133

2017-11-03T14:29:00.277-04:00

2017-11-13T08:06:40.777-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-12T20:19:32.917-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1234615 Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.

cpe:/a:mahara:mahara:1.8:rc1 cpe:/a:mahara:mahara:1.8:rc2 cpe:/a:mahara:mahara:1.8.0 cpe:/a:mahara:mahara:1.8.1 cpe:/a:mahara:mahara:1.8.2 cpe:/a:mahara:mahara:1.8.3 cpe:/a:mahara:mahara:1.8.4 cpe:/a:mahara:mahara:1.8.5 cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2

CVE-2017-1000134

2017-11-03T14:29:00.307-04:00

2019-10-02T20:03:26.223-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-11-14T17:19:04.897-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1267686 Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

CVE-2017-1000135

2017-11-03T14:29:00.357-04:00

2017-11-15T08:56:53.027-05:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T18:11:03.213-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1348024 Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.

cpe:/a:mahara:mahara:1.8:rc1 cpe:/a:mahara:mahara:1.8:rc2 cpe:/a:mahara:mahara:1.8.0 cpe:/a:mahara:mahara:1.8.1 cpe:/a:mahara:mahara:1.8.2 cpe:/a:mahara:mahara:1.8.3 cpe:/a:mahara:mahara:1.8.4 cpe:/a:mahara:mahara:1.8.5 cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2

CVE-2017-1000136

2017-11-03T14:29:00.387-04:00

2017-11-15T08:58:10.077-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T16:52:18.583-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1363873 Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.

cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2

CVE-2017-1000137

2017-11-03T14:29:00.417-04:00

2017-11-15T09:09:19.113-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:09:47.920-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1375092 Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).

cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2

CVE-2017-1000138

2017-11-03T14:29:00.450-04:00

2017-11-15T09:09:29.757-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:11:38.160-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1377736 Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.

CVE-2017-1000139

2017-11-03T14:29:00.480-04:00

2017-11-15T09:09:47.240-05:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-11-14T18:14:44.970-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1397736 Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.

CVE-2017-1000140

2017-11-03T14:29:00.557-04:00

2017-11-15T09:10:29.917-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T18:15:32.190-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1404117 Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.

cpe:/a:mahara:mahara:0.9.0 cpe:/a:mahara:mahara:0.9.1 cpe:/a:mahara:mahara:0.9.2 cpe:/a:mahara:mahara:1.0.0 cpe:/a:mahara:mahara:1.0.1 cpe:/a:mahara:mahara:1.0.2 cpe:/a:mahara:mahara:1.0.3 cpe:/a:mahara:mahara:1.0.4 cpe:/a:mahara:mahara:1.0.5 cpe:/a:mahara:mahara:1.0.6 cpe:/a:mahara:mahara:1.0.7 cpe:/a:mahara:mahara:1.0.8 cpe:/a:mahara:mahara:1.0.9 cpe:/a:mahara:mahara:1.0.10 cpe:/a:mahara:mahara:1.0.11 cpe:/a:mahara:mahara:1.0.12 cpe:/a:mahara:mahara:1.0.13 cpe:/a:mahara:mahara:1.0.14 cpe:/a:mahara:mahara:1.0.15 cpe:/a:mahara:mahara:1.1 cpe:/a:mahara:mahara:1.1.0 cpe:/a:mahara:mahara:1.1.0:alpha1 cpe:/a:mahara:mahara:1.1.0:alpha2 cpe:/a:mahara:mahara:1.1.0:alpha3 cpe:/a:mahara:mahara:1.1.0:beta1 cpe:/a:mahara:mahara:1.1.0:beta2 cpe:/a:mahara:mahara:1.1.0:beta3 cpe:/a:mahara:mahara:1.1.0:beta4 cpe:/a:mahara:mahara:1.1.0:rc1 cpe:/a:mahara:mahara:1.1.0:rc2 cpe:/a:mahara:mahara:1.1.1 cpe:/a:mahara:mahara:1.1.2 cpe:/a:mahara:mahara:1.1.3 cpe:/a:mahara:mahara:1.1.4 cpe:/a:mahara:mahara:1.1.5 cpe:/a:mahara:mahara:1.1.6 cpe:/a:mahara:mahara:1.1.7 cpe:/a:mahara:mahara:1.1.8 cpe:/a:mahara:mahara:1.1.9 cpe:/a:mahara:mahara:1.2.0 cpe:/a:mahara:mahara:1.2.0:alpha1 cpe:/a:mahara:mahara:1.2.0:alpha2 cpe:/a:mahara:mahara:1.2.0:alpha3 cpe:/a:mahara:mahara:1.2.0:beta1 cpe:/a:mahara:mahara:1.2.0:beta2 cpe:/a:mahara:mahara:1.2.0:beta3 cpe:/a:mahara:mahara:1.2.0:beta4 cpe:/a:mahara:mahara:1.2.0:rc1 cpe:/a:mahara:mahara:1.2.1 cpe:/a:mahara:mahara:1.2.2 cpe:/a:mahara:mahara:1.2.3 cpe:/a:mahara:mahara:1.2.4 cpe:/a:mahara:mahara:1.2.5 cpe:/a:mahara:mahara:1.2.6 cpe:/a:mahara:mahara:1.2.7 cpe:/a:mahara:mahara:1.2.8 cpe:/a:mahara:mahara:1.2.9 cpe:/a:mahara:mahara:1.3.0 cpe:/a:mahara:mahara:1.3.0:beta1 cpe:/a:mahara:mahara:1.3.0:beta2 cpe:/a:mahara:mahara:1.3.0:beta3 cpe:/a:mahara:mahara:1.3.0:beta4 cpe:/a:mahara:mahara:1.3.0:rc1 cpe:/a:mahara:mahara:1.3.1 cpe:/a:mahara:mahara:1.3.2 cpe:/a:mahara:mahara:1.3.3 cpe:/a:mahara:mahara:1.3.4 cpe:/a:mahara:mahara:1.3.5 cpe:/a:mahara:mahara:1.3.6 cpe:/a:mahara:mahara:1.3.7 cpe:/a:mahara:mahara:1.3.8 cpe:/a:mahara:mahara:1.4:rc1 cpe:/a:mahara:mahara:1.4:rc2 cpe:/a:mahara:mahara:1.4:rc3 cpe:/a:mahara:mahara:1.4:rc4 cpe:/a:mahara:mahara:1.4.0 cpe:/a:mahara:mahara:1.4.1 cpe:/a:mahara:mahara:1.4.2 cpe:/a:mahara:mahara:1.4.3 cpe:/a:mahara:mahara:1.4.4 cpe:/a:mahara:mahara:1.4.5 cpe:/a:mahara:mahara:1.4.6 cpe:/a:mahara:mahara:1.5:rc1 cpe:/a:mahara:mahara:1.5:rc2 cpe:/a:mahara:mahara:1.5.0 cpe:/a:mahara:mahara:1.5.1 cpe:/a:mahara:mahara:1.5.2 cpe:/a:mahara:mahara:1.5.3 cpe:/a:mahara:mahara:1.5.4 cpe:/a:mahara:mahara:1.5.6 cpe:/a:mahara:mahara:1.5.7 cpe:/a:mahara:mahara:1.5.8 cpe:/a:mahara:mahara:1.5.9 cpe:/a:mahara:mahara:1.5.10 cpe:/a:mahara:mahara:1.5.11 cpe:/a:mahara:mahara:1.5.12 cpe:/a:mahara:mahara:1.5.13 cpe:/a:mahara:mahara:1.6.0 cpe:/a:mahara:mahara:1.6.1 cpe:/a:mahara:mahara:1.6.2 cpe:/a:mahara:mahara:1.6.3 cpe:/a:mahara:mahara:1.6.4 cpe:/a:mahara:mahara:1.6.5 cpe:/a:mahara:mahara:1.6.6 cpe:/a:mahara:mahara:1.6.7 cpe:/a:mahara:mahara:1.6.8 cpe:/a:mahara:mahara:1.6.9 cpe:/a:mahara:mahara:1.6.10 cpe:/a:mahara:mahara:1.7.:rc1 cpe:/a:mahara:mahara:1.7.0 cpe:/a:mahara:mahara:1.7.0:- cpe:/a:mahara:mahara:1.7.1 cpe:/a:mahara:mahara:1.7.2 cpe:/a:mahara:mahara:1.7.3 cpe:/a:mahara:mahara:1.7.4 cpe:/a:mahara:mahara:1.7.5 cpe:/a:mahara:mahara:1.7.6 cpe:/a:mahara:mahara:1.7.7 cpe:/a:mahara:mahara:1.7.8 cpe:/a:mahara:mahara:1.8:rc1 cpe:/a:mahara:mahara:1.8:rc2 cpe:/a:mahara:mahara:1.8.0 cpe:/a:mahara:mahara:1.8.1 cpe:/a:mahara:mahara:1.8.2 cpe:/a:mahara:mahara:1.8.3 cpe:/a:mahara:mahara:1.8.4 cpe:/a:mahara:mahara:1.8.5 cpe:/a:mahara:mahara:1.8.6 cpe:/a:mahara:mahara:1.8.7 cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.9.4 cpe:/a:mahara:mahara:1.9.5 cpe:/a:mahara:mahara:1.9.6 cpe:/a:mahara:mahara:1.9.7 cpe:/a:mahara:mahara:1.9.8 cpe:/a:mahara:mahara:1.9.9 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:1.10.3 cpe:/a:mahara:mahara:1.10.4 cpe:/a:mahara:mahara:1.10.5 cpe:/a:mahara:mahara:1.10.6 cpe:/a:mahara:mahara:1.10.7 cpe:/a:mahara:mahara:1.10.8 cpe:/a:mahara:mahara:1.10.9 cpe:/a:mahara:mahara:1.10.10 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1 cpe:/a:mahara:mahara:15.04.2 cpe:/a:mahara:mahara:15.04.3 cpe:/a:mahara:mahara:15.04.4 cpe:/a:mahara:mahara:15.04.5 cpe:/a:mahara:mahara:15.04.6 cpe:/a:mahara:mahara:15.04.7 cpe:/a:mahara:mahara:15.04.8 cpe:/a:mahara:mahara:15.04.9 cpe:/a:mahara:mahara:15.04.10 cpe:/a:mahara:mahara:15.04.11 cpe:/a:mahara:mahara:15.04.12 cpe:/a:mahara:mahara:15.04.13 cpe:/a:mahara:mahara:15.04.14 cpe:/a:mahara:mahara:15.04.15 cpe:/a:mahara:mahara:15.10:rc1 cpe:/a:mahara:mahara:15.10:rc2 cpe:/a:mahara:mahara:15.10.0 cpe:/a:mahara:mahara:15.10.1 cpe:/a:mahara:mahara:15.10.2 cpe:/a:mahara:mahara:15.10.3 cpe:/a:mahara:mahara:15.10.4 cpe:/a:mahara:mahara:15.10.5 cpe:/a:mahara:mahara:15.10.6 cpe:/a:mahara:mahara:15.10.7 cpe:/a:mahara:mahara:15.10.8 cpe:/a:mahara:mahara:16.04:rc1 cpe:/a:mahara:mahara:16.04:rc2 cpe:/a:mahara:mahara:16.04.0 cpe:/a:mahara:mahara:16.04.1 cpe:/a:mahara:mahara:16.04.2 cpe:/a:mahara:mahara:16.04.3 cpe:/a:mahara:mahara:16.04.4 cpe:/a:mahara:mahara:16.04.5 cpe:/a:mahara:mahara:16.04.6 cpe:/a:mahara:mahara:16.04.7 cpe:/a:mahara:mahara:16.04.8 cpe:/a:mahara:mahara:16.04.9 cpe:/a:mahara:mahara:16.10:rc1 cpe:/a:mahara:mahara:16.10:rc2 cpe:/a:mahara:mahara:16.10.0 cpe:/a:mahara:mahara:16.10.1 cpe:/a:mahara:mahara:16.10.2 cpe:/a:mahara:mahara:16.10.3 cpe:/a:mahara:mahara:16.10.4 cpe:/a:mahara:mahara:16.10.5 cpe:/a:mahara:mahara:16.10.6 cpe:/a:mahara:mahara:16.10.7 cpe:/a:mahara:mahara:16.10.8 cpe:/a:mahara:mahara:16.10.9 cpe:/a:mahara:mahara:17.04:rc1 cpe:/a:mahara:mahara:17.04:rc2 cpe:/a:mahara:mahara:17.04.0 cpe:/a:mahara:mahara:17.04.1 cpe:/a:mahara:mahara:17.04.2 cpe:/a:mahara:mahara:17.04.3 cpe:/a:mahara:mahara:17.04.4 cpe:/a:mahara:mahara:17.04.5 cpe:/a:mahara:mahara:17.04.6 cpe:/a:mahara:mahara:17.04.7 cpe:/a:mahara:mahara:17.04.8 cpe:/a:mahara:mahara:17.10.0 cpe:/a:mahara:mahara:17.10.1 cpe:/a:mahara:mahara:17.10.2 cpe:/a:mahara:mahara:17.10.3 cpe:/a:mahara:mahara:17.10.4 cpe:/a:mahara:mahara:17.10.5 cpe:/a:mahara:mahara:17.10.8 cpe:/a:mahara:mahara:18.04.0 cpe:/a:mahara:mahara:18.04.4

CVE-2017-1000141

2018-01-30T14:29:00.213-05:00

2018-06-13T12:54:33.713-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-06-05T10:15:17.603-04:00

CONFIRM https://bugs.launchpad.net/mahara/+bug/1422492 An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.

CVE-2017-1000142

2017-11-03T14:29:00.620-04:00

2019-10-02T20:03:26.223-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov

2017-11-14T18:16:18.613-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1425306 Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.

CVE-2017-1000143

2017-11-03T14:29:00.653-04:00

2017-11-15T09:11:40.907-05:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:34:55.740-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1429647 Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.

cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.9.4 cpe:/a:mahara:mahara:1.9.5 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:1.10.3 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0

CVE-2017-1000144

2017-11-03T14:29:00.683-04:00

2017-11-15T09:11:55.530-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:37:49.557-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1447377 Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.

cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.9.4 cpe:/a:mahara:mahara:1.9.5 cpe:/a:mahara:mahara:1.9.6 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:1.10.3 cpe:/a:mahara:mahara:1.10.4 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1

CVE-2017-1000145

2017-11-03T14:29:00.713-04:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:41:11.530-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1460368 Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.

cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.9.4 cpe:/a:mahara:mahara:1.9.5 cpe:/a:mahara:mahara:1.9.6 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:1.10.3 cpe:/a:mahara:mahara:1.10.4 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1

CVE-2017-1000146

2017-11-03T14:29:00.760-04:00

2017-11-15T09:12:44.800-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:46:07.203-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1472439 Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.

cpe:/a:mahara:mahara:1.9:rc1 cpe:/a:mahara:mahara:1.9.0 cpe:/a:mahara:mahara:1.9.1 cpe:/a:mahara:mahara:1.9.2 cpe:/a:mahara:mahara:1.9.3 cpe:/a:mahara:mahara:1.9.4 cpe:/a:mahara:mahara:1.9.5 cpe:/a:mahara:mahara:1.9.6 cpe:/a:mahara:mahara:1.9.7 cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:1.10.3 cpe:/a:mahara:mahara:1.10.4 cpe:/a:mahara:mahara:1.10.5 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1 cpe:/a:mahara:mahara:15.04.2

CVE-2017-1000147

2017-11-03T14:29:00.793-04:00

2017-11-15T09:13:18.990-05:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-11-14T17:47:59.807-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1480329 Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.

CVE-2017-1000148

2017-11-03T14:29:00.840-04:00

2019-10-02T20:03:26.223-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-11-12T19:11:30.433-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1508684 Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.

cpe:/a:mahara:mahara:1.10:rc1 cpe:/a:mahara:mahara:1.10.0 cpe:/a:mahara:mahara:1.10.1 cpe:/a:mahara:mahara:1.10.2 cpe:/a:mahara:mahara:1.10.3 cpe:/a:mahara:mahara:1.10.4 cpe:/a:mahara:mahara:1.10.5 cpe:/a:mahara:mahara:1.10.6 cpe:/a:mahara:mahara:1.10.7 cpe:/a:mahara:mahara:1.10.8 cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1 cpe:/a:mahara:mahara:15.04.2 cpe:/a:mahara:mahara:15.04.3 cpe:/a:mahara:mahara:15.04.4 cpe:/a:mahara:mahara:15.04.5 cpe:/a:mahara:mahara:15.10:rc1 cpe:/a:mahara:mahara:15.10:rc2 cpe:/a:mahara:mahara:15.10.0 cpe:/a:mahara:mahara:15.10.1

CVE-2017-1000149

2017-11-03T14:29:00.870-04:00

2017-11-15T09:13:28.460-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-14T17:15:29.733-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1558361 Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())

CVE-2017-1000150

2017-11-03T14:29:00.903-04:00

2017-11-13T11:00:11.867-05:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2017-11-12T18:59:55.603-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1567784 Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

CVE-2017-1000151

2017-11-03T14:29:00.933-04:00

2017-11-13T10:53:00.510-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-12T17:21:37.803-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1570221 Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.

CVE-2017-1000152

2017-11-03T14:29:00.980-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-12T20:24:56.173-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1570744 Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.

cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1 cpe:/a:mahara:mahara:15.04.2 cpe:/a:mahara:mahara:15.04.3 cpe:/a:mahara:mahara:15.04.4 cpe:/a:mahara:mahara:15.04.5 cpe:/a:mahara:mahara:15.04.6 cpe:/a:mahara:mahara:15.04.7 cpe:/a:mahara:mahara:15.04.8 cpe:/a:mahara:mahara:15.04.9 cpe:/a:mahara:mahara:15.10.0 cpe:/a:mahara:mahara:15.10.1 cpe:/a:mahara:mahara:15.10.2 cpe:/a:mahara:mahara:15.10.3 cpe:/a:mahara:mahara:15.10.4 cpe:/a:mahara:mahara:15.10.5 cpe:/a:mahara:mahara:16.04:rc1 cpe:/a:mahara:mahara:16.04:rc2 cpe:/a:mahara:mahara:16.04.0 cpe:/a:mahara:mahara:16.04.1 cpe:/a:mahara:mahara:16.04.2 cpe:/a:mahara:mahara:16.04.3

CVE-2017-1000153

2017-11-03T14:29:01.027-04:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-12T17:05:22.293-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1577251 Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account.

CVE-2017-1000154

2017-11-03T14:29:01.057-04:00

2017-11-13T10:46:50.407-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-12T17:05:45.077-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1580399 Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.

CVE-2017-1000155

2017-11-03T14:29:01.090-04:00

2017-11-13T10:43:33.590-05:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-12T17:07:25.037-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1600069 Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.

CVE-2017-1000156

2017-11-03T14:29:01.137-04:00

2019-10-02T20:03:26.223-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-12T17:09:23.233-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1609200 Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.

cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1 cpe:/a:mahara:mahara:15.04.2 cpe:/a:mahara:mahara:15.04.3 cpe:/a:mahara:mahara:15.04.4 cpe:/a:mahara:mahara:15.04.5 cpe:/a:mahara:mahara:15.04.6 cpe:/a:mahara:mahara:15.04.7 cpe:/a:mahara:mahara:15.04.8 cpe:/a:mahara:mahara:15.04.9 cpe:/a:mahara:mahara:15.04.10 cpe:/a:mahara:mahara:15.04.11 cpe:/a:mahara:mahara:15.04.12 cpe:/a:mahara:mahara:16.04:rc1 cpe:/a:mahara:mahara:16.04:rc2 cpe:/a:mahara:mahara:16.04.0 cpe:/a:mahara:mahara:16.04.1 cpe:/a:mahara:mahara:16.04.2 cpe:/a:mahara:mahara:16.04.3 cpe:/a:mahara:mahara:16.04.4 cpe:/a:mahara:mahara:16.04.5 cpe:/a:mahara:mahara:16.04.6 cpe:/a:mahara:mahara:16.10:rc1 cpe:/a:mahara:mahara:16.10:rc2 cpe:/a:mahara:mahara:16.10.0 cpe:/a:mahara:mahara:16.10.1 cpe:/a:mahara:mahara:16.10.2 cpe:/a:mahara:mahara:16.10.3 cpe:/a:mahara:mahara:17.04:rc1 cpe:/a:mahara:mahara:17.04:rc2 cpe:/a:mahara:mahara:17.04.0 cpe:/a:mahara:mahara:17.04.1

CVE-2017-1000157

2017-11-03T14:29:01.167-04:00

2017-11-13T09:57:50.327-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-12T17:17:43.077-05:00

MISC https://bugs.launchpad.net/mahara/+bug/1692749 Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.

cpe:/a:python:python:2.7.13 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0

CVE-2017-1000158

2017-11-17T00:29:00.280-05:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2019-05-03T08:36:55.823-04:00

SECTRACK 1039890 MISC https://bugs.python.org/issue30657 MLIST [debian-lts-announce] 20171124 [SECURITY] [DLA 1189-1] python2.7 security update MLIST [debian-lts-announce] 20171124 [SECURITY] [DLA 1190-1] python2.6 security update MLIST [debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update MLIST [debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update GENTOO GLSA-201805-02 DEBIAN DSA-4307 CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

CVE-2017-1000159

2017-11-27T10:29:00.243-05:00

2019-10-02T20:03:26.223-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=784947 MLIST [debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update MLIST [debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update MLIST [debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update GENTOO GLSA-201804-15 Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

cpe:/a:ellislab:expressionengine:3.4.2

CVE-2017-1000160

2017-11-17T00:29:00.313-05:00

2017-12-01T10:14:59.467-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-30T19:50:02.130-05:00

MISC https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3 EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection

CVE-2017-1000161

2017-11-17T14:29:00.173-05:00

2017-11-17T14:29:00.187-05:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

CVE-2017-1000162

2017-08-20T20:29:00.217-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12474, CVE-2017-12475, CVE-2017-12476. Reason: This candidate is a reservation duplicate of CVE-2017-12474, CVE-2017-12475, and CVE-2017-12476. Notes: All CVE users should reference CVE-2017-12474, CVE-2017-12475, and/or CVE-2017-12476 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:phoenixframework:phoenix:1.0.0 cpe:/a:phoenixframework:phoenix:1.0.1 cpe:/a:phoenixframework:phoenix:1.0.2 cpe:/a:phoenixframework:phoenix:1.0.3 cpe:/a:phoenixframework:phoenix:1.0.4 cpe:/a:phoenixframework:phoenix:1.1.0 cpe:/a:phoenixframework:phoenix:1.1.1 cpe:/a:phoenixframework:phoenix:1.1.2 cpe:/a:phoenixframework:phoenix:1.1.3 cpe:/a:phoenixframework:phoenix:1.1.4 cpe:/a:phoenixframework:phoenix:1.1.5 cpe:/a:phoenixframework:phoenix:1.1.6 cpe:/a:phoenixframework:phoenix:1.2.0 cpe:/a:phoenixframework:phoenix:1.2.2 cpe:/a:phoenixframework:phoenix:1.3.0-rc.0

CVE-2017-1000163

2017-11-17T16:29:00.230-05:00

2017-12-03T10:54:51.163-05:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-02T15:29:47.127-05:00

CONFIRM https://elixirforum.com/t/security-releases-for-phoenix/4143 The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.

cpe:/a:tine20:tine_2.0:2017.02.4

CVE-2017-1000164

2017-11-17T00:29:00.343-05:00

2017-11-29T14:17:55.857-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-29T10:43:45.760-05:00

MISC https://forge.tine20.org/view.php?id=13228 Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation

CVE-2017-1000165

2017-08-20T20:29:00.247-04:00

CVE-2017-1000166

2017-08-20T20:29:00.280-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2017-1000167

2017-08-20T20:29:00.327-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none.

cpe:/a:sodiumoxide_project:sodiumoxide:0.0.13

CVE-2017-1000168

2017-11-17T13:29:00.200-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-04T22:05:02.877-05:00

CONFIRM https://github.com/dnaq/sodiumoxide/issues/154 sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys

cpe:/a:quickerbb_project:quickerbb:0.7.2

CVE-2017-1000169

2017-11-17T13:29:00.247-05:00

2017-12-02T07:47:37.577-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-01T22:31:00.023-05:00

CONFIRM https://github.com/halojoy/QuickerBB/issues/10 QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.

cpe:/a:jqueryfiletree_project:jqueryfiletree:2.1.5

CVE-2017-1000170

2017-11-17T13:29:00.297-05:00

2017-12-01T09:18:09.630-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-30T23:18:54.110-05:00

MISC https://github.com/jqueryfiletree/jqueryfiletree/issues/66 jqueryFileTree 2.1.5 and older Directory Traversal

cpe:/a:mahara:mahara_mobile:1.2.0

CVE-2017-1000171

2017-11-03T14:29:01.200-04:00

2017-11-22T11:46:50.013-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-22T11:05:37.833-05:00

MISC https://github.com/MaharaProject/mahara-mobile/issues/33 Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

cpe:/a:creolabs:gravity:1.0

CVE-2017-1000172

2017-11-16T22:29:00.190-05:00

2017-11-30T06:55:37.670-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-29T23:02:49.380-05:00

MISC https://github.com/marcobambini/gravity/issues/144 Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition.

cpe:/a:creolabs:gravity:1.0

CVE-2017-1000173

2017-11-16T22:29:00.220-05:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-29T23:00:04.920-05:00

MISC https://github.com/marcobambini/gravity/issues/172 Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.

cpe:/a:swftools:swftools:-

CVE-2017-1000174

2017-11-16T20:29:00.200-05:00

2017-11-27T07:50:36.830-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-24T14:02:54.027-05:00

MISC https://github.com/matthiaskramm/swftools/issues/21 In SWFTools, an address access exception was found in swfdump swf_GetBits().

CVE-2017-1000175

2017-08-20T18:29:00.183-04:00

2017-08-20T18:29:00.200-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none.

cpe:/a:swftools:swftools:-

CVE-2017-1000176

2017-11-16T20:29:00.263-05:00

2017-11-27T07:42:30.177-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-24T14:01:47.103-05:00

MISC https://github.com/matthiaskramm/swftools/issues/23 In SWFTools, a memcpy buffer overflow was found in swfc.

CVE-2017-1000177

2017-08-20T18:29:00.230-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000178

2017-08-20T18:29:00.263-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11096. Reason: This candidate is a reservation duplicate of CVE-2017-11096. Notes: All CVE users should reference CVE-2017-11096 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000179

2017-08-20T18:29:00.293-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11101. Reason: This candidate is a reservation duplicate of CVE-2017-11101. Notes: All CVE users should reference CVE-2017-11101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000180

2017-08-20T18:29:00.327-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11100. Reason: This candidate is a reservation duplicate of CVE-2017-11100. Notes: All CVE users should reference CVE-2017-11100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000181

2017-08-20T18:29:00.357-04:00

2017-08-20T18:29:00.373-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-10976. Reason: This candidate is a reservation duplicate of CVE-2017-10976. Notes: All CVE users should reference CVE-2017-10976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:swftools:swftools:-

CVE-2017-1000182

2017-11-16T20:29:00.310-05:00

2019-10-02T20:03:26.223-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-24T14:01:05.870-05:00

MISC https://github.com/matthiaskramm/swftools/issues/30 In SWFTools, a memory leak was found in wav2swf.

CVE-2017-1000183

2017-08-20T18:29:00.403-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11099. Reason: This candidate is a reservation duplicate of CVE-2017-11099. Notes: All CVE users should reference CVE-2017-11099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000184

2017-08-20T18:29:00.433-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11098. Reason: This candidate is a reservation duplicate of CVE-2017-11098. Notes: All CVE users should reference CVE-2017-11098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:swftools:swftools:-

CVE-2017-1000185

2017-11-16T20:29:00.340-05:00

2017-11-27T07:40:37.130-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-24T14:00:15.227-05:00

MISC https://github.com/matthiaskramm/swftools/issues/33 In SWFTools, a memcpy buffer overflow was found in gif2swf.

cpe:/a:swftools:swftools:-

CVE-2017-1000186

2017-11-16T20:29:00.373-05:00

2017-11-27T07:37:04.560-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-24T13:58:29.883-05:00

MISC https://github.com/matthiaskramm/swftools/issues/34 In SWFTools, a stack overflow was found in pdf2swf.

cpe:/a:swftools:swftools:-

CVE-2017-1000187

2017-11-16T20:29:00.403-05:00

2017-11-27T07:36:21.277-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-11-24T13:51:27.547-05:00

MISC https://github.com/matthiaskramm/swftools/issues/36 In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()

cpe:/a:ejs:ejs:2.0.1 cpe:/a:ejs:ejs:2.0.2 cpe:/a:ejs:ejs:2.0.3 cpe:/a:ejs:ejs:2.0.4 cpe:/a:ejs:ejs:2.0.5 cpe:/a:ejs:ejs:2.0.6 cpe:/a:ejs:ejs:2.0.7 cpe:/a:ejs:ejs:2.0.8 cpe:/a:ejs:ejs:2.1.1 cpe:/a:ejs:ejs:2.1.2 cpe:/a:ejs:ejs:2.1.3 cpe:/a:ejs:ejs:2.1.4 cpe:/a:ejs:ejs:2.2.1 cpe:/a:ejs:ejs:2.2.2 cpe:/a:ejs:ejs:2.2.3 cpe:/a:ejs:ejs:2.2.4 cpe:/a:ejs:ejs:2.3.1 cpe:/a:ejs:ejs:2.3.2 cpe:/a:ejs:ejs:2.3.3 cpe:/a:ejs:ejs:2.3.4 cpe:/a:ejs:ejs:2.4.1 cpe:/a:ejs:ejs:2.4.2 cpe:/a:ejs:ejs:2.5.1 cpe:/a:ejs:ejs:2.5.2 cpe:/a:ejs:ejs:2.5.3 cpe:/a:ejs:ejs:2.5.4

CVE-2017-1000188

2017-11-16T22:29:00.267-05:00

2017-11-30T06:57:32.303-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-29T14:49:37.010-05:00

BID 101889 MISC https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

CVE-2017-1000189

2017-11-16T22:29:00.300-05:00

2017-11-30T06:58:34.227-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-29T14:48:12.947-05:00

BID 101893 MISC https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

cpe:/a:simplexml_project:simplexml:2.7.1

CVE-2017-1000190

2017-11-17T16:29:00.277-05:00

2019-07-23T16:15:11.250-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

PARTIAL

http://nvd.nist.gov CONFIRM https://github.com/ngallagher/simplexml/issues/18 MLIST [lucene-dev] 20190723 [jira] [Updated] (SOLR-13648) vulnerable simple-xml-2.7.1.jar SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.

cpe:/a:jool:jool:3.5.0 cpe:/a:jool:jool:3.5.1

CVE-2017-1000191

2017-11-17T12:29:00.227-05:00

2017-12-04T16:31:29.947-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-04T12:06:59.810-05:00

CONFIRM https://github.com/NICMx/Jool/issues/232 Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.

cpe:/a:cygnux:syspass:2.1.7

CVE-2017-1000192

2017-11-17T12:29:00.257-05:00

2019-10-02T20:03:26.223-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-01T22:46:57.063-05:00

CONFIRM https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901 Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.

cpe:/a:octobercms:october_cms:1.0.412

CVE-2017-1000193

2017-11-16T21:29:00.737-05:00

2017-11-30T11:26:31.407-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-28T12:53:16.383-05:00

MISC https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-66d6dfe5e11488e1afefcb69b8bdaabfR31 October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.

cpe:/a:octobercms:october_cms:1.0.412

CVE-2017-1000194

2017-11-16T21:29:00.787-05:00

2017-11-30T11:38:17.067-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-28T12:54:32.947-05:00

MISC https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224 October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

cpe:/a:octobercms:october_cms:1.0.412

CVE-2017-1000195

2017-11-16T21:29:00.817-05:00

2019-10-02T20:03:26.223-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-30T11:45:05.423-05:00

MISC https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R317 October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

cpe:/a:octobercms:october_cms:1.0.412

CVE-2017-1000196

2017-11-16T21:29:00.847-05:00

2017-11-30T11:40:24.620-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-28T12:56:41.430-05:00

MISC https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R49 October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.

cpe:/a:octobercms:october_cms:1.0.412

CVE-2017-1000197

2017-11-16T21:29:00.897-05:00

2017-11-30T11:43:31.127-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-28T12:58:10.147-05:00

MISC https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241 October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.

cpe:/a:tcmu-runner_project:tcmu-runner:0.9.0 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.1 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.2 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.3 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.4 cpe:/a:tcmu-runner_project:tcmu-runner:1.0.5 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.0 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.1 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.2 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.3 cpe:/a:tcmu-runner_project:tcmu-runner:1.2.0

CVE-2017-1000198

2017-11-16T21:29:00.927-05:00

2017-12-01T21:29:01.437-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2017:3277 MISC https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157 tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

cpe:/a:tcmu-runner_project:tcmu-runner:0.9.1 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.2 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.3 cpe:/a:tcmu-runner_project:tcmu-runner:0.9.4 cpe:/a:tcmu-runner_project:tcmu-runner:1.0.5 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.0 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.1 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.2 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.3 cpe:/a:tcmu-runner_project:tcmu-runner:1.2.0

CVE-2017-1000199

2017-11-16T21:29:00.957-05:00

2017-12-01T21:29:01.500-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov REDHAT RHSA-2017:3277 MISC https://github.com/open-iscsi/tcmu-runner/issues/194 tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

cpe:/a:oracle:hospitality_inventory_management:8.5.1 cpe:/a:oracle:hospitality_inventory_management:9.0.0

CVE-2017-10002

2017-08-08T11:29:00.257-04:00

2019-10-02T20:03:26.223-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-08-10T11:19:21.237-04:00

CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html BID 99699 SECTRACK 1038941 Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

cpe:/a:tcmu-runner_project:tcmu-runner:1.0.5 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.0 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.1 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.2 cpe:/a:tcmu-runner_project:tcmu-runner:1.1.3 cpe:/a:tcmu-runner_project:tcmu-runner:1.2.0

CVE-2017-1000200

2017-11-16T21:29:00.987-05:00

2017-12-01T21:29:01.547-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2017:3277 MISC https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178 tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

CVE-2017-1000201

2017-11-16T21:29:01.020-05:00

2017-12-01T21:29:01.593-05:00

2.1

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2017:3277 MISC https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack

CVE-2017-1000202

2017-08-20T20:29:00.357-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12933. Reason: This candidate is a reservation duplicate of CVE-2017-12933. Notes: All CVE users should reference CVE-2017-12933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:cern:root:6.9.03

CVE-2017-1000203

2017-11-17T10:29:00.233-05:00

2019-10-02T20:03:26.223-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2017-12-04T11:34:12.877-05:00

CONFIRM https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution

CVE-2017-1000204

2017-11-17T15:29:00.247-05:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9920. Reason: This candidate is a reservation duplicate of CVE-2016-9920. Notes: All CVE users should reference CVE-2016-9920 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-1000205

2017-08-20T20:29:00.390-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9091. Reason: This candidate is a reservation duplicate of CVE-2017-9091. Notes: All CVE users should reference CVE-2017-9091 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:htslib:htslib:1.4.0

CVE-2017-1000206

2017-11-17T10:29:00.280-05:00

2017-12-01T09:46:31.670-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-30T23:15:32.840-05:00

CONFIRM https://github.com/samtools/htslib/blob/1.4.1/NEWS samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution

cpe:/a:swagger:swagger-codegen:2.2.2 cpe:/a:swagger:swagger-parser:1.0.30

CVE-2017-1000207

2017-11-27T10:29:00.303-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-12-08T13:00:52.247-05:00

CONFIRM https://github.com/swagger-api/swagger-parser/pull/481 MISC https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208 A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.

cpe:/a:swagger:swagger-codegen:2.2.2 cpe:/a:swagger:swagger-parser:1.0.30

CVE-2017-1000208

2017-11-16T21:29:01.050-05:00

2019-10-02T20:03:26.223-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2017-12-05T15:06:29.947-05:00

CONFIRM https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31 MISC https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208 A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.

cpe:/a:nv-websocket-client_project:nv-websocket-client:2.2

CVE-2017-1000209

2017-11-16T21:29:01.097-05:00

2017-12-05T09:34:36.123-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-04T21:13:25.633-05:00

CONFIRM https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107 The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.

cpe:/a:altran:picotcp:1.5.0 cpe:/a:altran:picotcp:1.5.1 cpe:/a:altran:picotcp:1.6.0 cpe:/a:altran:picotcp:1.6.1 cpe:/a:altran:picotcp:1.6.2 cpe:/a:altran:picotcp:1.7.0

CVE-2017-1000210

2017-11-16T20:29:00.450-05:00

2017-11-29T14:38:36.890-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-29T14:26:49.113-05:00

CONFIRM https://github.com/tass-belgium/picotcp/pull/473 picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack

cpe:/a:lynx_project:lynx:2.8.9:dev15

CVE-2017-1000211

2017-11-17T10:29:00.310-05:00

2018-02-03T21:29:02.973-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://lynx.invisible-island.net/current/CHANGES.html BID 102180 MISC https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9 MLIST [debian-lts-announce] 20171118 [SECURITY] [DLA 1175-1] lynx-cur security update Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

cpe:/a:alchemist-elixir:alchemist-server:-::~~~vim~~

CVE-2017-1000212

2017-11-17T10:29:00.357-05:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-12-05T21:42:25.387-05:00

CONFIRM https://github.com/tonini/alchemist-server/issues/14 Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.

cpe:/a:wbce:wbce_cms:1.1.11

CVE-2017-1000213

2017-11-16T20:29:00.480-05:00

2017-11-29T14:38:16.047-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-29T14:31:07.743-05:00

CONFIRM https://github.com/WBCE/WBCE_CMS/commit/0da620016aec17ac2d2f3a22c55ab8c2b55e691e#diff-7b380285e285160d0070863099baabe0 WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search

cpe:/a:gitphp_project:gitphp:0.0.5 cpe:/a:gitphp_project:gitphp:0.0.6 cpe:/a:gitphp_project:gitphp:0.0.7 cpe:/a:gitphp_project:gitphp:0.0.8 cpe:/a:gitphp_project:gitphp:0.0.9 cpe:/a:gitphp_project:gitphp:0.1.0 cpe:/a:gitphp_project:gitphp:0.1.1 cpe:/a:gitphp_project:gitphp:0.2.0 cpe:/a:gitphp_project:gitphp:0.2.1 cpe:/a:gitphp_project:gitphp:0.2.2 cpe:/a:gitphp_project:gitphp:0.2.3 cpe:/a:gitphp_project:gitphp:0.2.4 cpe:/a:gitphp_project:gitphp:0.2.5 cpe:/a:gitphp_project:gitphp:0.2.6 cpe:/a:gitphp_project:gitphp:0.2.7

CVE-2017-1000214

2017-11-27T09:29:00.193-05:00

2017-12-19T11:14:09.313-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-12-13T08:50:39.307-05:00

CONFIRM https://github.com/Enalean/gitphp/commit/160621785ee812d6d90e20878bd6175e42c13c94 CONFIRM https://github.com/xiphux/gitphp/pull/37 GitPHP by xiphux is vulnerable to OS Command Injections

cpe:/a:xrootd:xrootd:4.6.0

CVE-2017-1000215

2017-11-17T15:29:00.277-05:00

2019-10-02T20:03:26.223-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-03-14T14:43:00.883-04:00

MISC https://github.com/xrootd/xrootd/blob/befa2e627a5a33a38c92db3e57c07d8246a24acf/src/XrdSecgsi/XrdSecgsiGMAPFunLDAP.cc#L85 CONFIRM https://github.com/xrootd/xrootd/blob/v4.6.1/docs/ReleaseNotes.txt CONFIRM https://github.com/xrootd/xrootd/commit/befa2e627a5a33a38c92db3e57c07d8246a24acf GENTOO GLSA-201903-11 ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution

CVE-2017-1000216

2017-08-20T20:29:00.420-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11104. Reason: This candidate is a reservation duplicate of CVE-2017-11104. Notes: All CVE users should reference CVE-2017-11104 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:opencast:opencast:2.3.2

CVE-2017-1000217

2017-11-17T17:29:00.330-05:00

2019-04-29T12:16:18.047-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2019-04-29T09:22:06.983-04:00

CONFIRM https://groups.google.com/a/opencast.org/forum/#!topic/security-notices/sCpt0pIPEFg Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.

cpe:/a:lightftp_project:lightftp:1.1

CVE-2017-1000218

2017-11-16T19:29:00.197-05:00

2017-11-30T07:47:02.480-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-29T22:24:59.023-05:00

CONFIRM https://github.com/hfiref0x/LightFTP/issues/5 LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.

cpe:/a:windows-cpu_project:windows-cpu:0.1.1 cpe:/a:windows-cpu_project:windows-cpu:0.1.2

CVE-2017-1000219

2017-11-16T19:29:00.247-05:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-12-04T08:56:43.597-05:00

CONFIRM https://nodesecurity.io/advisories/336 npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user

cpe:/a:pidusage_project:pidusage:1.1.4

CVE-2017-1000220

2017-11-16T20:29:00.513-05:00

2019-10-02T20:03:26.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-11-29T13:17:45.473-05:00

MISC https://nodesecurity.io/advisories/356 soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution

cpe:/a:apereo:opencast:2.2.3

CVE-2017-1000221

2017-11-17T17:29:00.363-05:00

2019-10-02T20:03:26.223-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-04T22:22:57.677-05:00

CONFIRM https://opencast.jira.com/browse/MH-11862 In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.

CVE-2017-1000222

2017-11-17T13:29:00.327-05:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.

cpe:/a:modx:modx_revolution:2.5.6

CVE-2017-1000223

2017-11-17T00:29:00.390-05:00

2017-12-01T10:08:02.460-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-30T19:41:40.857-05:00

MISC https://raw.githubusercontent.com/modxcms/revolution/v2.5.7-pl/core/docs/changelog.txt A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.

cpe:/a:embedplus:youtube:11.8.1::~~~wordpress~~

CVE-2017-1000224

2017-11-16T19:29:00.293-05:00

2017-12-03T10:58:26.323-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-02T15:56:12.883-05:00

MISC https://security.dxw.com/advisories/csrf-in-youtube-plugin/ CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin

cpe:/a:relevanssi:relevanssi:1.14.8::~~premium~wordpress~~

CVE-2017-1000225

2017-11-17T00:29:00.420-05:00

2017-12-01T10:09:03.087-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-11-30T19:36:51.510-05:00

MISC https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/ Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can

cpe:/a:fullworks:stop_user_enumeration:1.3.8::~~~wordpress~~

CVE-2017-1000226

2017-11-17T00:29:00.453-05:00

2017-12-04T16:33:19.963-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2017-12-04T12:46:43.037-05:00

MISC https://security.dxw.com/advisories/stop-user-enumeration-rest-api/ Stop User Enumeration 1.3.8 allows user enumeration via the REST API

cpe:/a:parallelus:salutation:3.0.15::~~~buddypress~~ cpe:/a:parallelus:salutation:3.0.15::~~~wordpress~~

CVE-2017-1000227

2017-11-17T16:29:00.310-05:00

2019-08-24T15:15:10.400-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC https://security.dxw.com/advisories/stored-xss-salutation-theme/ MISC https://wpvulndb.com/vulnerabilities/9734 Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can

CVE-2017-1000228

2017-11-16T22:29:00.377-05:00

2017-11-30T07:48:32.310-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2017-11-29T14:46:23.820-05:00

BID 101897 MISC https://snyk.io/vuln/npm:ejs:20161128 nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function

cpe:/a:optipng_project:optipng:0.7.6 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0

CVE-2017-1000229

2017-11-17T00:29:00.483-05:00

2019-05-06T15:29:09.857-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2019-05-03T08:32:10.740-04:00

MLIST [debian-lts-announce] 20171121 [SECURITY] [DLA 1184-1] optipng security update GENTOO GLSA-201801-02 MISC https://sourceforge.net/p/optipng/bugs/65/ DEBIAN DSA-4058 Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

cpe:/a:snap7_project:snap7_server:1.4.1

CVE-2017-1000230

2017-11-17T16:29:00.357-05:00

2017-12-02T07:55:14.293-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2017-12-01T21:16:57.110-05:00

MISC https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/ The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.

cpe:/a:nlnetlabs:ldns:1.7.0

CVE-2017-1000231

2017-11-16T23:29:00.247-05:00

2018-02-03T21:29:03.147-05:00

7.5

NETWORK