Total
1399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | |||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
| CVE-2017-16638 | 1 Vde Project | 1 Vde | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | |||||
| CVE-2017-8158 | 1 Huawei | 1 Fusioncompute | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. | |||||
| CVE-2017-8856 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-7889 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | |||||
| CVE-2017-13779 | 1 Gstn | 1 India Goods And Services Tax Network Offline Utility Tool | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. | |||||
| CVE-2017-16933 | 1 Icinga | 1 Icinga | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | |||||
| CVE-2017-16757 | 1 Hola | 1 Vpn | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | |||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | |||||
| CVE-2017-7560 | 1 Redhat | 1 Rhnsd | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | |||||
| CVE-2017-11422 | 1 Statamic | 1 Statamic | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. | |||||
| CVE-2017-14730 | 2 Elasticsearch, Gentoo | 2 Logstash, Linux | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | |||||
| CVE-2017-0311 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-9482 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. | |||||
| CVE-2017-2290 | 2 Microsoft, Puppet | 2 Windows, Mcollective-puppet-agent | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1. | |||||
| CVE-2017-15945 | 3 Gentoo, Mariadb, Mysql | 3 Linux, Mariadb, Mysql | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | |||||
| CVE-2017-8391 | 3 Ca, Linux, Microsoft | 3 Client Automation, Linux Kernel, Windows | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | |||||
| CVE-2017-7563 | 1 Arm | 1 Arm Trusted Firmware | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | |||||
| CVE-2017-11437 | 1 Gitlab | 1 Gitlab | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | |||||