CVE-2017-1002100 CVSS:4.0
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be read without authentication from the public internet. Obtaining the URI string itself requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. (Last Update:2017-09-29) (Publish Update:2017-09-14)
CVE-2017-1000381 CVSS:5.0
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (Last Update:2017-07-17) (Publish Update:2017-07-07)
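An added illustration, not c-ares code: the class of check this entry calls for is that every read of a NAPTR record must be validated against both the record's own RDLENGTH and the end of the received message before any byte is copied. The bounds-checked parser below was written for this page; the field layout follows RFC 3403, the two sample records are constructed inline (not captured traffic), and the type and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAPTR_STR_MAX 256

/* Parsed NAPTR RDATA (RFC 3403); strings are NUL-terminated copies. */
typedef struct {
    uint16_t order, preference;
    char flags[NAPTR_STR_MAX], services[NAPTR_STR_MAX];
    char regexp[NAPTR_STR_MAX], replacement[NAPTR_STR_MAX];
} naptr_rec;

/* Cursor confined to one record: reads may only touch [pos, end). */
typedef struct { const uint8_t *buf; size_t pos, end; } rdata_cursor;

static int rd_u16(rdata_cursor *c, uint16_t *v)
{
    if (c->end - c->pos < 2)
        return -1;
    *v = (uint16_t)((c->buf[c->pos] << 8) | c->buf[c->pos + 1]);
    c->pos += 2;
    return 0;
}

/* <character-string>: one length byte, then that many bytes. The length byte
 * comes from the network; without the second test a 0xff would make memcpy
 * read up to 255 bytes past the record. */
static int rd_charstr(rdata_cursor *c, char *out, size_t outsz)
{
    if (c->pos >= c->end)
        return -1;
    size_t n = c->buf[c->pos];
    if (c->end - c->pos - 1 < n || n >= outsz)
        return -1;
    memcpy(out, c->buf + c->pos + 1, n);
    out[n] = '\0';
    c->pos += 1 + n;
    return 0;
}

/* REPLACEMENT is an uncompressed <domain-name>: labels of up to 63 bytes
 * ending in a zero-length label; every label is checked the same way. */
static int rd_name(rdata_cursor *c, char *out, size_t outsz)
{
    size_t o = 0;
    for (;;) {
        if (c->pos >= c->end)
            return -1;
        size_t n = c->buf[c->pos++];
        if (n == 0)
            break;
        if (n > 63 || c->end - c->pos < n || o + n + 1 >= outsz)
            return -1;
        memcpy(out + o, c->buf + c->pos, n);
        o += n;
        out[o++] = '.';
        c->pos += n;
    }
    out[o] = '\0';
    return 0;
}

/* Parse the NAPTR RDATA at msg[rdata_off .. rdata_off + rdlength).
 * Returns 0, or -1 if the record runs past the message or a field past the record. */
int parse_naptr_rdata(const uint8_t *msg, size_t msglen,
                      size_t rdata_off, size_t rdlength, naptr_rec *out)
{
    if (rdata_off > msglen || msglen - rdata_off < rdlength)
        return -1;                            /* RDLENGTH exceeds the message */
    rdata_cursor c = { msg, rdata_off, rdata_off + rdlength };
    if (rd_u16(&c, &out->order) || rd_u16(&c, &out->preference) ||
        rd_charstr(&c, out->flags, sizeof out->flags) ||
        rd_charstr(&c, out->services, sizeof out->services) ||
        rd_charstr(&c, out->regexp, sizeof out->regexp) ||
        rd_name(&c, out->replacement, sizeof out->replacement))
        return -1;
    return c.pos == c.end ? 0 : -1;           /* trailing bytes: malformed too */
}

/* Constructed sample RDATA (not captured traffic): order 100, preference 10,
 * flags "u", services "E2U+sip", a 14-byte regexp, replacement "." (root). */
static const uint8_t GOOD[] =
    "\x00\x64\x00\x0a" "\x01" "u" "\x07" "E2U+sip" "\x0e" "!^.*$!sip:x@y!" "\x00";
/* Same bytes, but the regexp length byte claims 0x60 = 96 where 14 remain. */
static const uint8_t CRAFTED[] =
    "\x00\x64\x00\x0a" "\x01" "u" "\x07" "E2U+sip" "\x60" "!^.*$!sip:x@y!" "\x00";
#define RDLEN (sizeof GOOD - 1)               /* drop the literal's own NUL */

/* 0 when GOOD parses and every field matches what was encoded above. */
int naptr_demo_good(void)
{
    naptr_rec r;
    if (parse_naptr_rdata(GOOD, RDLEN, 0, RDLEN, &r) != 0)
        return -1;
    return (r.order == 100 && r.preference == 10 && !strcmp(r.flags, "u") &&
            !strcmp(r.services, "E2U+sip") && !strcmp(r.regexp, "!^.*$!sip:x@y!") &&
            r.replacement[0] == '\0') ? 0 : -2;
}
int naptr_demo_crafted_string(void)   /* a string length lies about the record */
{
    naptr_rec r;
    return parse_naptr_rdata(CRAFTED, sizeof CRAFTED - 1, 0, sizeof CRAFTED - 1, &r);
}
int naptr_demo_crafted_rdlength(void) /* RDLENGTH lies about the message */
{
    naptr_rec r;
    return parse_naptr_rdata(GOOD, RDLEN, 0, 200, &r);
}

int main(void)
{
    printf("good: %d  crafted string: %d  crafted rdlength: %d\n",
           naptr_demo_good(), naptr_demo_crafted_string(), naptr_demo_crafted_rdlength());
    return 0;
}
```

The two crafted inputs show the two ways a response can lie: a length byte inside the RDATA larger than what remains of the record, and an RDLENGTH larger than what remains of the message. Both are rejected before any memcpy runs; a parser that trusted the regexp length byte would copy 96 bytes out of a 30-byte record, which is the shape of out-of-bounds read the entry describes.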
CVE-2017-1000380 CVSS:2.1
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. (Last Update:2017-11-05) (Publish Update:2017-06-17)
CVE-2017-1000362 CVSS:5.0
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/, and delete it if present. (Last Update:2017-07-26) (Publish Update:2017-07-17)
CVE-2017-1000250 CVSS:3.3
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. (Last Update:2017-11-04) (Publish Update:2017-09-12)
CVE-2017-1000242 CVSS:2.1
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure. (Last Update:2017-11-18) (Publish Update:2017-11-01)
CVE-2017-1000157 CVSS:3.5
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. (Last Update:2017-11-13) (Publish Update:2017-11-03)
CVE-2017-1000155 CVSS:4.0
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages. (Last Update:2017-11-13) (Publish Update:2017-11-03)
CVE-2017-1000151 CVSS:5.0
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. (Last Update:2017-11-13) (Publish Update:2017-11-03)
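Both Mahara entries above (CVE-2017-1000157 and CVE-2017-1000151) have the same root cause: request parameters were written to an event or error log before anything decided which of them may be logged. The added example below, written for this page and not Mahara code, contrasts the two policies a log sanitizer can use. A denylist of known secret names misses the "unusual parameters" the second entry describes; an allowlist of names known to be safe redacts everything else by default. The policy lists, the `redact_query` function and the sample request body are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy lists for this illustration only. */
static const char *const LOG_ALLOW[] = { "username", "email", "page", "action" };
static const char *const LOG_DENY[]  = { "password", "passwd", "token", "secret" };
#define COUNT(a) (sizeof (a) / sizeof (a)[0])

static int in_list(const char *name, size_t n, const char *const *list, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (strlen(list[i]) == n && memcmp(list[i], name, n) == 0)
            return 1;
    return 0;
}

/* Append n bytes, always leaving room for the terminating NUL. */
static int put(char *out, size_t *o, size_t outsz, const char *s, size_t n)
{
    if (outsz - *o <= n)
        return 0;
    memcpy(out + *o, s, n);
    *o += n;
    return 1;
}

/* Rewrite "k=v&k2=v2" so values become [REDACTED] unless the key is permitted.
 * use_allowlist=0: value is logged unless the key is on LOG_DENY.
 * use_allowlist=1: value is redacted unless the key is on LOG_ALLOW.
 * Returns 0, or -1 if out is too small. */
int redact_query(const char *query, int use_allowlist, char *out, size_t outsz)
{
    size_t o = 0;
    const char *p = query;
    if (outsz == 0)
        return -1;
    while (*p) {
        const char *amp = strchr(p, '&');
        const char *end = amp ? amp : p + strlen(p);
        const char *eq  = memchr(p, '=', (size_t)(end - p));
        size_t klen = (size_t)((eq ? eq : end) - p);
        int keep = use_allowlist ? in_list(p, klen, LOG_ALLOW, COUNT(LOG_ALLOW))
                                 : !in_list(p, klen, LOG_DENY, COUNT(LOG_DENY));
        if (!put(out, &o, outsz, p, klen))
            return -1;
        if (eq) {
            const char *val = keep ? eq + 1 : "[REDACTED]";
            size_t vlen = keep ? (size_t)(end - eq - 1) : strlen("[REDACTED]");
            if (!put(out, &o, outsz, "=", 1) || !put(out, &o, outsz, val, vlen))
                return -1;
        }
        if (!amp)
            break;
        if (!put(out, &o, outsz, "&", 1))
            return -1;
        p = amp + 1;
    }
    out[o] = '\0';
    return 0;
}

/* Constructed request body, not a real Mahara submission: the password is
 * posted once under its usual name and once under an unusual one. */
static const char SAMPLE[] =
    "username=alice&password=hunter2&passwd_confirm=hunter2&otp=492817&page=1";

/* Returns the sanitized line for SAMPLE under the chosen policy (static buffer). */
const char *redact_demo(int use_allowlist)
{
    static char buf[256];
    return redact_query(SAMPLE, use_allowlist, buf, sizeof buf) == 0 ? buf : NULL;
}

int main(void)
{
    printf("denylist:  %s\n", redact_demo(0));
    printf("allowlist: %s\n", redact_demo(1));
    return 0;
}
```

Run against the sample, the denylist leaves `passwd_confirm=hunter2` and the one-time code in the log line because neither key is on the list, while the allowlist redacts both and only lets `username` and `page` through. Wiring such a function in front of the log writer, rather than at each call site, is what keeps a newly added form field from recreating the bug.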
CVE-2017-1000143 CVSS:4.0
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. (Last Update:2017-11-15) (Publish Update:2017-11-03)
