Export limit exceeded: 11360 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11360 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0892 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 Low |
| Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | ||||
| CVE-2017-0894 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.3 Medium |
| Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | ||||
| CVE-2017-0895 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed. | ||||
| CVE-2017-0896 | 1 Zulip | 1 Zulip Server | 2025-04-20 | N/A |
| Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | ||||
| CVE-2017-0910 | 1 Zulip | 1 Zulip Server | 2025-04-20 | N/A |
| In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | ||||
| CVE-2017-10622 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher. | ||||
| CVE-2017-10623 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | ||||
| CVE-2017-10709 | 2 Elephone, Google | 2 P9000, Android | 2025-04-20 | N/A |
| The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | ||||
| CVE-2017-10796 | 1 Tp-link | 2 Nc250, Nc250 Firmware | 2025-04-20 | 6.5 Medium |
| On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | ||||
| CVE-2017-10807 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-20 | N/A |
| JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | ||||
| CVE-2017-10815 | 1 Intercom | 1 Malion | 2025-04-20 | N/A |
| MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent. | ||||
| CVE-2017-10817 | 1 Intercom | 1 Malion | 2025-04-20 | 9.8 Critical |
| MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | ||||
| CVE-2017-10873 | 1 Osstech | 1 Openam | 2025-04-20 | 8.1 High |
| OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. | ||||
| CVE-2017-10903 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2025-04-20 | N/A |
| Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | ||||
| CVE-2017-12262 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-20 | N/A |
| A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638. | ||||
| CVE-2017-12281 | 1 Cisco | 12 Aironet 1800 Firmware, Aironet 1830e, Aironet 1830i and 9 more | 2025-04-20 | N/A |
| A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. | ||||
| CVE-2017-12316 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-20 | N/A |
| A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. | ||||
| CVE-2017-12340 | 1 Cisco | 1 Nx-os | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513. | ||||
| CVE-2017-12819 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2025-04-20 | N/A |
| Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | ||||
| CVE-2017-13872 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name. | ||||