Total
2820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0182 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2024-08-05 | N/A |
| Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability." | ||||
| CVE-2016-0183 | 1 Microsoft | 4 Office, Office Web Apps, Sharepoint Server and 1 more | 2024-08-05 | N/A |
| The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability." | ||||
| CVE-2016-0170 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-05 | N/A |
| GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability." | ||||
| CVE-2016-0088 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2024-08-05 | N/A |
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." | ||||
| CVE-2017-20066 | 1 Adminer Login Project | 1 Adminer Login | 2024-08-05 | 5.3 Medium |
| A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-18543 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-08-05 | N/A |
| The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | ||||
| CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | ||||
| CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | ||||
| CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | ||||
| CVE-2017-18380 | 1 Edx | 1 Edx-platform | 2024-08-05 | 7.5 High |
| edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. | ||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | ||||
| CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | ||||
| CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | ||||
| CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | ||||
| CVE-2017-18190 | 4 Apple, Canonical, Debian and 1 more | 4 Cups, Ubuntu Linux, Debian Linux and 1 more | 2024-08-05 | N/A |
| A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | ||||
| CVE-2017-17449 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-08-05 | N/A |
| The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. | ||||
| CVE-2017-17450 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
| net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | ||||
| CVE-2017-17448 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-05 | N/A |
| net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. | ||||
| CVE-2024-23238 | 2024-08-05 | 7.1 High | ||
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables. | ||||
| CVE-2017-15994 | 1 Samba | 1 Rsync | 2024-08-05 | N/A |
| rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. | ||||