CVEs from 2017
Total
11,606
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5670 | medium | 4.6 | 4.6 | 9y ago | Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw di… | |||
| CVE-2017-2452 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock scr… | |||
| CVE-2017-2399 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by lever… | |||
| CVE-2017-2352 | medium | 4.6 | 4.6 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to by… | |||
| CVE-2017-10897 | medium | 4.5 | 4.5 | 9y ago | Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified v… | |||
| CVE-2017-15525 | medium | 4.5 | 4.5 | 9y ago | Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine o… | |||
| CVE-2017-11818 | medium | 4.5 | 4.5 | 9y ago | The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypa… | |||
| CVE-2017-10003 | medium | 4.5 | 4.5 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability … | |||
| CVE-2017-4015 | medium | 4.5 | 4.5 | 9y ago | Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | |||
| CVE-2017-5607 | low | 3.5 | 4.5 | 9y ago | Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a… | |||
| CVE-2017-1336 | medium | 4.4 | 4.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||
| CVE-2017-12332 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restric… | |||
| CVE-2017-12306 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability… | |||
| CVE-2017-16637 | medium | 4.4 | 4.4 | 9y ago | In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdva… | |||
| CVE-2017-1000157 | medium | 4.4 | 4.4 | 9y ago | Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creatio… | |||
| CVE-2017-14327 | medium | 4.4 | 4.4 | 9y ago | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. | |||
| CVE-2017-10286 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vu… | |||
| CVE-2017-10099 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Prior to 9.7.6.b. Easily exploit… | |||
| CVE-2017-12289 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system … | |||
| CVE-2017-10606 | medium | 4.4 | 4.4 | 9y ago | Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive informatio… | |||
| CVE-2017-1339 | medium | 4.4 | 4.4 | 9y ago | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or adm… | |||
| CVE-2017-12153 | medium | 4.4 | 4.4 | 9y ago | A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are … | |||
| CVE-2017-6795 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files o… | |||
| CVE-2017-5698 | medium | 4.4 | 4.4 | 9y ago | Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmw… | |||
| CVE-2017-14051 | medium | 4.4 | 4.4 | 9y ago | An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corru… | |||
| CVE-2017-3649 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to explo… | |||
| CVE-2017-3648 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. D… | |||
| CVE-2017-3647 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to explo… | |||
| CVE-2017-10200 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows… | |||
| CVE-2017-10182 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Export Functionality). Supported versions that are affected are 5.4… | |||
| CVE-2017-11334 | medium | 4.4 | 4.4 | 9y ago | The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by… | |||
| CVE-2017-0190 | medium | 4.4 | 4.4 | 9y ago | The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 al… | |||
| CVE-2017-3483 | medium | 4.4 | 4.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |||
| CVE-2017-0164 | medium | 4.4 | 4.4 | 9y ago | A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Ser… | |||
| CVE-2017-6602 | medium | 4.4 | 4.4 | 9y ago | A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an aut… | |||
| CVE-2017-0154 | medium | 4.4 | 4.4 | 9y ago | Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it int… | |||
| CVE-2017-5551 | medium | 4.4 | 4.4 | 10y ago | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri… | |||
| CVE-2017-3243 | medium | 4.4 | 4.4 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows hi… | |||
| CVE-2017-7152 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a cr… | |||
| CVE-2017-1191 | medium | 4.3 | 4.3 | 9y ago | An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 12366… | |||
| CVE-2017-10907 | medium | 4.3 | 4.3 | 9y ago | Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||
| CVE-2017-1257 | medium | 4.3 | 4.3 | 9y ago | IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | |||
| CVE-2017-17696 | medium | 4.3 | 4.3 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | |||
| CVE-2017-17693 | medium | 4.3 | 4.3 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | |||
| CVE-2017-1507 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | |||
| CVE-2017-1481 | medium | 4.3 | 4.3 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. | |||
| CVE-2017-1342 | medium | 4.3 | 4.3 | 9y ago | IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457. | |||
| CVE-2017-12365 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker c… | |||
| CVE-2017-12360 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vul… | |||
| CVE-2017-1570 | medium | 4.3 | 4.3 | 9y ago | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. | |||
| CVE-2017-1484 | medium | 4.3 | 4.3 | 9y ago | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | |||
| CVE-2017-1283 | medium | 4.3 | 4.3 | 9y ago | IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IB… | |||
| CVE-2017-1251 | medium | 4.3 | 4.3 | 9y ago | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | |||
| CVE-2017-1240 | medium | 4.3 | 4.3 | 9y ago | IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | |||
| CVE-2017-8168 | medium | 4.3 | 4.3 | 9y ago | FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmissi… | |||
| CVE-2017-2727 | medium | 4.3 | 4.3 | 9y ago | Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,… | |||
| CVE-2017-15110 | medium | 4.3 | 4.3 | 9y ago | Moodle Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2017-10889 | medium | 4.3 | 4.3 | 9y ago | TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||
| CVE-2017-16560 | medium | 4.3 | 4.3 | 9y ago | SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user… | |||
| CVE-2017-12302 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL… | |||
| CVE-2017-15269 | medium | 4.3 | 4.3 | 9y ago | The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. | |||
| CVE-2017-11848 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 20… | |||
| CVE-2017-11844 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles … | |||
| CVE-2017-11803 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles … | |||
| CVE-2017-16804 | medium | 4.3 | 4.3 | 9y ago | In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive … | |||
| CVE-2017-16633 | medium | 4.3 | 4.3 | 9y ago | In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | |||
| CVE-2017-11461 | medium | 4.3 | 4.3 | 9y ago | NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintende… | |||
| CVE-2017-1000155 | medium | 4.3 | 4.3 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's… | |||
| CVE-2017-1000143 | medium | 4.3 | 4.3 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. | |||
| CVE-2017-12279 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected de… | |||
| CVE-2017-12625 | medium | 4.3 | 4.3 | 9y ago | Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |||
| CVE-2017-1000243 | medium | 4.3 | 4.3 | 9y ago | Missing permission check in Jenkins Favorite Plugin | |||
| CVE-2017-5119 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5118 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5109 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5103 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5102 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5096 | medium | 4.3 | 4.3 | 9y ago | Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a… | |||
| CVE-2017-5083 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5079 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5075 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1226 | medium | 4.3 | 4.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks… | |||
| CVE-2017-1295 | medium | 4.3 | 4.3 | 9y ago | IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. | |||
| CVE-2017-1241 | medium | 4.3 | 4.3 | 9y ago | An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. | |||
| CVE-2017-7144 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Priva… | |||
| CVE-2017-10387 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 … | |||
| CVE-2017-10334 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-10299 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10287 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerabi… | |||
| CVE-2017-10164 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulner… | |||
| CVE-2017-12287 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, r… | |||
| CVE-2017-8726 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft s… | |||
| CVE-2017-11794 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge … | |||
| CVE-2017-11790 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-10857 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | |||
| CVE-2017-14369 | medium | 4.3 | 4.3 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges a… | |||
| CVE-2017-15212 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. | |||
| CVE-2017-15211 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | |||
| CVE-2017-15210 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. | |||
| CVE-2017-15209 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. |