Total
1371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0752 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. | |||||
| CVE-2017-9780 | 2 Debian, Flatpak | 2 Debian Linux, Flatpak | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root. | |||||
| CVE-2017-1000096 | 1 Jenkins | 1 Pipeline\ | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | |||||
| CVE-2017-9479 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. | |||||
| CVE-2017-11653 | 1 Razer | 1 Synapse | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | |||||
| CVE-2017-1000153 | 1 Mahara | 1 Mahara | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account. | |||||
| CVE-2017-8858 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | |||||
| CVE-2017-6338 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | |||||
| CVE-2017-0703 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882. | |||||
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | |||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
| CVE-2017-16638 | 1 Vde Project | 1 Vde | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | |||||
| CVE-2017-8158 | 1 Huawei | 1 Fusioncompute | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. | |||||
| CVE-2017-8856 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-7889 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | |||||
| CVE-2017-13779 | 1 Gstn | 1 India Goods And Services Tax Network Offline Utility Tool | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. | |||||
| CVE-2017-16933 | 1 Icinga | 1 Icinga | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | |||||
| CVE-2017-16757 | 1 Hola | 1 Vpn | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | |||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | |||||
| CVE-2017-7560 | 1 Redhat | 1 Rhnsd | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | |||||