Total
31899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2602 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358). | ||||
| CVE-2017-2589 | 2 Hawt, Redhat | 3 Hawtio, Jboss Amq, Jboss Fuse | 2024-11-21 | N/A |
| It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | ||||
| CVE-2017-2375 | 1 Apple | 1 Iphone Os | 2024-11-21 | 3.3 Low |
| An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. | ||||
| CVE-2017-2293 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | N/A |
| Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. | ||||
| CVE-2017-20179 | 1 Instedd | 1 Pollit | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The patch is named 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507. | ||||
| CVE-2017-20178 | 1 Codiad | 1 Codiad | 2024-11-21 | 3.1 Low |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2017-20007 | 1 Ingeteam | 2 Ingepac Da Au, Ingepac Da Au Firmware | 2024-11-21 | 5.3 Medium |
| Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the deviceĀ“s web service could exploit this vulnerability in order to obtain different configuration files. | ||||
| CVE-2017-1788 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. | ||||
| CVE-2017-1755 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | N/A |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855. | ||||
| CVE-2017-1731 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. | ||||
| CVE-2017-1714 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | N/A |
| IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633. | ||||
| CVE-2017-1692 | 1 Ibm | 1 Aix | 2024-11-21 | N/A |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067. | ||||
| CVE-2017-1612 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | N/A |
| IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. | ||||
| CVE-2017-1557 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | N/A |
| IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. | ||||
| CVE-2017-1350 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. | ||||
| CVE-2017-18871 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. | ||||
| CVE-2017-18859 | 1 Netgear | 8 C6300, C6300 Firmware, Cm400 and 5 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30. | ||||
| CVE-2017-18836 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 6.2 Medium |
| Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18823 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 5.5 Medium |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
| CVE-2017-18819 | 1 Netgear | 1 Readynas Os | 2024-11-21 | 3.3 Low |
| NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. | ||||