Total: 4017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9285 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-11-21 | 7.5 HIGH | 5.4 MEDIUM |
| NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | |||||
| CVE-2017-8340 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-7912 | 1 Hanwhasecurity | 2 Srn-4000, Srn-4000 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401: a specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | |||||
| CVE-2017-7497 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
| The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. | |||||
| CVE-2017-6912 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-5863 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-5212 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | |||||
| CVE-2017-2664 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. | |||||
| CVE-2017-20066 | 1 Adminer Login Project | 1 Adminer Login | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-18543 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | |||||
| CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | |||||
| CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | |||||
| CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | |||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 3.1 LOW |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
| CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
| CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | |||||
| CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | |||||
| CVE-2017-18380 | 1 Edx | 1 Edx-platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. | |||||
| CVE-2017-18101 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | |||||
| CVE-2017-18035 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check; this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | |||||
