CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7907
https://notcve.org/view.php?id=CVE-2020-7907
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. En el plugin JetBrains Scala versiones anteriores a 2019.2.1, algunas dependencias de artefactos fueron resueltas por medio de conexiones no encriptadas. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15288
https://notcve.org/view.php?id=CVE-2017-15288
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. El demonio de compilación en Scala en versiones anteriores a la 2.10.7, las versiones 2.11.x anteriores a la 2.11.12 y las versiones 2.12.x anteriores a la 2.14.4 emplea permisos débiles para archivos privados en /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, lo que permite que usuarios locales escriban en archivos de clase arbitrarios y, consecuentemente, obtengan privilegios. • http://scala-lang.org/news/security-update-nov17.html https://github.com/scala/scala/pull/6108 https://github.com/scala/scala/pull/6120 https://github.com/scala/scala/pull/6128 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache&# • CWE-732: Incorrect Permission Assignment for Critical Resource •