CVE-2017-0647
published 2017-06-14CVE-2017-0647: An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue…
PriorityP419medium5.5CVSS 3.0
AVLACLPRNUIRSUCHINAN
EPSS
0.46%
36.4th percentile
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | android-platform-system-core | < android-platform-system-core 1:7.0.0+r33-2 (bullseye) | android-platform-system-core 1:7.0.0+r33-2 (bullseye) |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| google_inc | android | — | — |
| msrc | team_foundation_server_2017_update_3.1 | — | — |
| msrc | team_foundation_server_2018_update_1.2 | — | — |
| msrc | team_foundation_server_2018_update_3.2 | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv5.5MEDIUM
vendor_msrc6.5MEDIUM
vendor_debian5.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Team Foundation Server Information Disclosure Vulnerability
vendor_msrc·2019-01-08·CVSS 6.5
CVE-2019-0647 [MEDIUM] Team Foundation Server Information Disclosure Vulnerability
Team Foundation Server Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret. An authenticated attacker who successfully exploited this vulnerability could view variables that were hidden by other users.
To exploit the vulnerability, an authenticated attacker would need to create a task group with a task containing a secret variable.
The security update addresses the vulnerability by correcting how variables are handled.
FAQ: What version of Team Foundation Server is affected by this vulnerability?
References for Team Foundation Server 2017 Update 3
Identification
Last version of Team Foundation Server 2017 Update 3 affected by this vulnerability
Version 3.1
Fi
Android
CVE-2017-0647: Android Security Bulletin 2017-06-01
CVE: CVE-2017-0647
Severity: MEDIUM
Type: ID
Affected AOSP versions: 5
vendor_android·2017-06-01·CVSS 5.5
CVE-2017-0647 [MEDIUM] CVE-2017-0647: Android Security Bulletin 2017-06-01
CVE: CVE-2017-0647
Severity: MEDIUM
Type: ID
Affected AOSP versions: 5
Android Security Bulletin 2017-06-01
CVE: CVE-2017-0647
Severity: MEDIUM
Type: ID
Affected AOSP versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2
References: A-36392138
Debian
CVE-2017-0647: android-platform-system-core - An information disclosure vulnerability in libziparchive could enable a local ma...
vendor_debian·2017·CVSS 5.5
CVE-2017-0647 [MEDIUM] CVE-2017-0647: android-platform-system-core - An information disclosure vulnerability in libziparchive could enable a local ma...
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
Scope: local
bullseye: resolved (fixed in 1:7.0.0+r33-2)
GHSA
GHSA-wf4x-x9qv-r4v4: An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels
ghsa_unreviewed·2022-05-17
CVE-2017-0647 [MEDIUM] CWE-200 GHSA-wf4x-x9qv-r4v4: An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
OSV
CVE-2017-0647: An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels
osv·2017-06-14·CVSS 5.5
CVE-2017-0647 [MEDIUM] CVE-2017-0647: An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-06-14
Published