Total
2075 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20023 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20021 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 6.5 Medium |
| A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20002 | 1 Debian | 2 Debian Linux, Shadow | 2024-11-21 | 7.8 High |
| The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | ||||
| CVE-2017-1493 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A |
| IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691. | ||||
| CVE-2017-1326 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A |
| IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. | ||||
| CVE-2017-1150 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515. | ||||
| CVE-2017-18885 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf. | ||||
| CVE-2017-18884 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.1 High |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. | ||||
| CVE-2017-18838 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18837 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18830 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18829 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18826 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18822 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18596 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 8.8 High |
| The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions. | ||||
| CVE-2017-17544 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.2 High |
| A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations. | ||||
| CVE-2017-17384 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | N/A |
| ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | ||||
| CVE-2017-16520 | 1 Inedo | 1 Buildmaster | 2024-11-21 | N/A |
| Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | ||||
| CVE-2017-15917 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A |
| In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. | ||||
| CVE-2017-15536 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | N/A |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. | ||||