Count: 18,769
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2017-18640 The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | CVSS3: 7.5 | 2% Low | 4 months ago |
| CVE-2017-18214 | CVSS3: 7.5 | 0% Low | more than 1 year ago |
| CVE-2017-18207 | CVSS3: 6.5 | 1% Low | more than 1 year ago |
| CVE-2017-17969 | CVSS3: 7.8 | 3% Low | about 4 years ago |
| CVE-2017-17522 | CVSS3: 8.8 | 1% Low | more than 1 year ago |
| CVE-2017-16844 | CVSS3: 9.8 | 20% Medium | about 4 years ago |
| CVE-2017-16754 Bolt before 3.3.6 does not properly restrict access to _profiler routes | CVSS3: 5.3 | 0% Low | 4 months ago |
| CVE-2017-16046 | CVSS3: 7.5 | 0% Low | more than 5 years ago |
| CVE-2017-15371 | CVSS3: 5.5 | 1% Low | more than 1 year ago |
| CVE-2017-15370 | CVSS3: 5.5 | 1% Low | more than 1 year ago |
| CVE-2017-15275 | CVSS3: 7.5 | 45% Medium | more than 1 year ago |
| CVE-2017-15042 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. | | 0% Low | 5 months ago |
| CVE-2017-14992 | CVSS3: 6.5 | 0% Low | more than 4 years ago |
| CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | CVSS3: 8.8 | 7% Low | 5 months ago |
| CVE-2017-14634 | CVSS3: 6.5 | 1% Low | about 5 years ago |
| CVE-2017-14623 | CVSS3: 8.1 | 0% Low | more than 1 year ago |
| CVE-2017-14246 | CVSS3: 8.1 | 1% Low | about 5 years ago |
| CVE-2017-14245 | CVSS3: 8.1 | 0% Low | about 5 years ago |
| CVE-2017-14176 Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands | CVSS3: 8.8 | 2% Low | 4 months ago |
| CVE-2017-14167 | CVSS3: 8.8 | 0% Low | more than 5 years ago |