Total
                    1503 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | 
|---|---|---|---|---|---|
| CVE-2017-18916 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | 
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. | |||||
| CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | 
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | |||||
| CVE-2017-18896 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | 
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. | |||||
| CVE-2017-18894 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | 
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | |||||
| CVE-2017-18886 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | 
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. | |||||
| CVE-2017-18878 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | 
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session. | |||||
| CVE-2017-18876 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | 
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. | |||||
| CVE-2017-18875 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | 
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | |||||
| CVE-2017-18872 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM | 
| An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. | |||||
| CVE-2017-18870 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM | 
| An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. | |||||
| CVE-2017-18348 | 1 Splunk | 1 Splunk | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH | 
| Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | |||||
| CVE-2017-18285 | 2 Burp Project, Gentoo | 2 Burp, Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH | 
| The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. | |||||
| CVE-2017-18284 | 2 Burp Project, Gentoo | 2 Burp, Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH | 
| The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. | |||||
| CVE-2017-18226 | 2 Gentoo, Jabberd2 | 2 Linux, Jabberd2 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | 
| The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. | |||||
| CVE-2017-18225 | 2 Gentoo, Jabberd2 | 2 Linux, Jabberd2 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | 
| The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. | |||||
| CVE-2017-17867 | 1 Intenogroup | 1 Iopsys | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | 
| Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. | |||||
| CVE-2017-17677 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | 
| BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. | |||||
| CVE-2017-16945 | 2 Apple, Haystacksoftware | 2 Macos, Arq | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | 
| The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | |||||
| CVE-2017-16928 | 2 Apple, Haystacksoftware | 2 Macos, Arq | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | 
| The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | |||||
| CVE-2017-16885 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | 
| Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc. | |||||
