ReportizFlow
Filtered by vendor
Subscriptions
Total
12671 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11740 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. | ||||
| CVE-2017-1002157 | 1 Redhat | 1 Modulemd | 2024-11-21 | 9.8 Critical |
| modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | ||||
| CVE-2017-1000600 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9 | ||||
| CVE-2017-1000469 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | N/A |
| Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | ||||
| CVE-2017-1000423 | 1 B2evolution | 1 B2evolution | 2024-11-21 | N/A |
| b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | ||||
| CVE-2017-1000402 | 1 Jenkins | 1 Swarm | 2024-11-21 | N/A |
| Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | ||||
| CVE-2017-1000401 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | ||||
| CVE-2017-1000397 | 1 Jenkins | 1 Maven | 2024-11-21 | N/A |
| Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient. | ||||
| CVE-2017-1000394 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. | ||||
| CVE-2017-1000391 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files. | ||||
| CVE-2017-1000355 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | ||||
| CVE-2017-0938 | 1 Ui | 4 Airmax Ac, Airos, Edgemax and 1 more | 2024-11-21 | 7.5 High |
| Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. | ||||
| CVE-2017-0917 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | N/A |
| Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | ||||
| CVE-2017-0916 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | N/A |
| Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. | ||||
| CVE-2017-0915 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | N/A |
| Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. | ||||
| CVE-2017-0370 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | ||||
| CVE-2017-0368 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | ||||
| CVE-2017-0366 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. | ||||
| CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | ||||
| CVE-2016-9749 | 1 Ibm | 1 Campaign | 2024-11-21 | N/A |
| IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. | ||||