Export limit exceeded: 357829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2662 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | N/A |
| A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. | ||||
| CVE-2017-20049 | 1 Axis | 12 M3005, M3005 Firmware, M3007 and 9 more | 2024-11-21 | 9.8 Critical |
| A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. | ||||
| CVE-2017-20002 | 1 Debian | 2 Debian Linux, Shadow | 2024-11-21 | 7.8 High |
| The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | ||||
| CVE-2017-1493 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A |
| IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691. | ||||
| CVE-2017-18885 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf. | ||||
| CVE-2017-18884 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.1 High |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. | ||||
| CVE-2017-18838 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18837 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18830 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18829 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18826 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18822 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18596 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 8.8 High |
| The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. | ||||
| CVE-2017-18584 | 1 Post Pay Counter Project | 1 Post Pay Counter | 2024-11-21 | N/A |
| The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. | ||||
| CVE-2017-18455 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | ||||
| CVE-2017-18451 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | ||||
| CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | ||||
| CVE-2017-18413 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | ||||
| CVE-2017-18399 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | ||||
| CVE-2017-18383 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | ||||