Total
2382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | |||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 3.1 LOW |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
| CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
| CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | |||||
| CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | |||||
| CVE-2017-18380 | 1 Edx | 1 Edx-platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. | |||||
| CVE-2017-15131 | 2 Freedesktop, Redhat | 2 Xdg-user-dirs, Enterprise Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. | |||||
| CVE-2017-12191 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 7.5 HIGH | 7.4 HIGH |
| A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to. | |||||
| CVE-2017-12171 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. | |||||
| CVE-2017-11365 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator. | |||||
| CVE-2017-10721 | 1 Ishekar | 2 Endoscope Camera, Endoscope Camera Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. | |||||
| CVE-2016-9905 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | |||||
| CVE-2016-9722 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. | |||||
| CVE-2016-9645 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. | |||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2024-11-21 | 6.0 MEDIUM | 7.1 HIGH |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | |||||
| CVE-2016-8529 | 1 Hp | 1 Lefthand | 2024-11-21 | 7.3 HIGH | 7.6 HIGH |
| A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version. | |||||
| CVE-2016-8365 | 1 Osisoft | 4 Pi Af Client, Pi Buffer Subsystem, Pi Data Archive and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) | |||||
| CVE-2016-7048 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. | |||||
| CVE-2016-6598 | 1 Bmc | 1 Track-it\! | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. | |||||
| CVE-2016-6543 | 1 Ieasytec | 1 Itrack Easy | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device. | |||||