Total
2925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0927 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. | |||||
| CVE-2017-0926 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. | |||||
| CVE-2017-0922 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | |||||
| CVE-2017-0920 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. | |||||
| CVE-2017-0894 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | |||||
| CVE-2017-0881 | 1 Zulip | 1 Zulip Server | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server. | |||||
| CVE-2016-6797 | 6 Apache, Canonical, Debian and 3 more | 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. | |||||
| CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2026-06-17 | 3.3 LOW | 7.1 HIGH |
| A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | |||||
| CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2026-06-17 | 3.5 LOW | 6.5 MEDIUM |
| Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | |||||
| CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | |||||
| CVE-2016-4514 | 1 Moxa | 2 Pt-7728, Pt-7728 Firmware | 2026-06-17 | 4.6 MEDIUM | 7.7 HIGH |
| Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | |||||
| CVE-2016-4178 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2026-06-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | |||||
| CVE-2016-20005 | 1 Rest\/json Project | 1 Rest\/json | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2016-20004 | 1 Rest\/json Project | 1 Rest\/json | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2016-20002 | 1 Rest\/json Project | 1 Rest\/json | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2016-20001 | 1 Rest\/json Project | 1 Rest\/json | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2016-10996 | 1 Optinmonster | 1 Optinmonster | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | |||||
| CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2026-06-17 | 4.6 MEDIUM | N/A |
| QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | |||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||