Total
1374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3209 | 2 Busybox, Dbpower | 3 Busybox, U818a, U818a Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities. | |||||
| CVE-2017-18915 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | |||||
| CVE-2017-18868 | 1 Digi | 2 Xbee 2, Xbee 2 Firmware | 2024-11-21 | 5.5 MEDIUM | 7.7 HIGH |
| Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | |||||
| CVE-2017-18669 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017). | |||||
| CVE-2017-18668 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017). | |||||
| CVE-2017-16128 | 1 Npm-script-demo Project | 1 Npm-script-demo | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | |||||
| CVE-2017-16127 | 1 Pandora-doomsday Project | 1 Pandora-doomsday | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The module pandora-doomsday infects other modules. It's since been unpublished from the registry. | |||||
| CVE-2017-0369 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | |||||
| CVE-2015-9477 | 1 Vernissage Project | 1 Vernissage | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | |||||
| CVE-2015-9476 | 1 Teardrop Project | 1 Teardrop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | |||||
| CVE-2015-9475 | 1 Pont Project | 1 Pont | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | |||||
| CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | |||||
| CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | |||||
| CVE-2014-7302 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. | |||||
| CVE-2014-7301 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. | |||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| INSTEON Hub 2242-222 lacks Web and API authentication | |||||
| CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | |||||