|
257111
|
5.7 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2017-0936
|
2024-11-21 12:03 |
2018-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257112
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in a…
|
CWE-863
Incorrect Authorization
|
CVE-2017-0920
|
2024-11-21 12:03 |
2018-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257113
|
8.8 |
HIGH
Network
|
ui
|
edgeos
|
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being e…
|
CWE-269
Improper Privilege Management
|
CVE-2017-0935
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257114
|
8.8 |
HIGH
Network
|
ubnt
|
edgeos
|
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exp…
|
CWE-269
Improper Privilege Management
|
CVE-2017-0934
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257115
|
8.0 |
HIGH
Network
|
ubnt
|
edgeos
|
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) u…
|
CWE-352
Origin Validation Error
|
CVE-2017-0933
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257116
|
8.8 |
HIGH
Network
|
ubnt
|
edgeos
|
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with…
|
CWE-269
Improper Privilege Management
|
CVE-2017-0932
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257117
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
|
CWE-863
Incorrect Authorization
|
CVE-2017-0927
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257118
|
8.8 |
HIGH
Network
|
gitlab
debian
|
gitlab
debian_linux
|
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
|
CWE-863
Incorrect Authorization
|
CVE-2017-0926
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257119
|
7.2 |
HIGH
Network
|
gitlab
debian
|
gitlab
debian_linux
|
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaint…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-0925
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257120
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0924
|
2024-11-21 12:03 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
