Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11145 | 1 Intel | 1 Driver \& Support Assistant | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2017-9327 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Secret data of processes managed by CM is not secured by file permissions. | |||||
| CVE-2017-8153 | 1 Huawei | 1 Vmall | 2026-06-17 | 5.8 MEDIUM | 7.1 HIGH |
| Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak. | |||||
| CVE-2017-7145 | 1 Apple | 1 Iphone Os | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data. | |||||
| CVE-2017-7144 | 1 Apple | 2 Iphone Os, Safari | 2026-06-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. | |||||
| CVE-2017-7088 | 1 Apple | 1 Iphone Os | 2026-06-17 | 7.1 HIGH | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account. | |||||
| CVE-2017-6513 | 1 Softaculous | 2 Virtualizor, Whmcs Reseller Module | 2026-06-17 | 6.5 MEDIUM | 9.9 CRITICAL |
| The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. | |||||
| CVE-2017-5809 | 1 Hp | 1 Data Protector | 2026-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | |||||
| CVE-2017-2694 | 1 Huawei | 1 Vmall | 2026-06-17 | 4.3 MEDIUM | 3.3 LOW |
| The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience. | |||||
| CVE-2017-2590 | 2 Freeipa, Redhat | 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2026-06-17 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. | |||||
| CVE-2017-1418 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2026-06-17 | 3.6 LOW | 4.0 MEDIUM |
| IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | |||||
| CVE-2017-1396 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2026-06-17 | 5.5 MEDIUM | 4.2 MEDIUM |
| IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
| CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | |||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
| CVE-2017-17876 | 1 Iwcnetwork | 1 Shift | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | |||||
| CVE-2017-17060 | 1 Open-xchange | 1 Open-xchange Appsuite | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | |||||
| CVE-2017-16887 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2026-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password. | |||||