Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35771 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-4959 1 Pivotal Software 1 Cloud Foundry Elastic Runtime 2026-06-17 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
CVE-2017-4945 2 Apple, Vmware 3 Mac Os X, Fusion, Workstation 2026-06-17 2.1 LOW 5.5 MEDIUM
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
CVE-2017-4942 1 Vmware 1 Airwatch Console 2026-06-17 4.0 MEDIUM 4.9 MEDIUM
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
CVE-2017-4932 2 Google, Vmware 2 Android, Airwatch Launcher 2026-06-17 4.6 MEDIUM 7.8 HIGH
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege.
CVE-2017-4921 1 Vmware 1 Vcenter Server 2026-06-17 6.5 MEDIUM 8.8 HIGH
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.
CVE-2017-4898 1 Vmware 2 Workstation Player, Workstation Pro 2026-06-17 6.9 MEDIUM 8.8 HIGH
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
CVE-2017-4896 1 Vmware 2 Airwatch Agent, Airwatch Inbox 2026-06-17 2.1 LOW 3.8 LOW
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
CVE-2017-4895 1 Vmware 2 Airwatch Agent, Airwatch Inbox 2026-06-17 4.6 MEDIUM 8.8 HIGH
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.
CVE-2017-4057 1 Mcafee 1 Advanced Threat Defense 2026-06-17 6.5 MEDIUM 8.8 HIGH
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.
CVE-2017-4012 1 Mcafee 1 Network Data Loss Prevention 2026-06-17 5.0 MEDIUM 6.5 MEDIUM
Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.
CVE-2017-3960 1 Mcafee 1 Network Security Manager 2026-06-17 6.5 MEDIUM 5.9 MEDIUM
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
CVE-2017-3876 1 Cisco 1 Ios Xr 2026-06-17 7.8 HIGH 7.5 HIGH
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441.
CVE-2017-3869 1 Cisco 1 Prime Infrastructure 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1).
CVE-2017-3865 1 Cisco 1 Staros 2026-06-17 5.0 MEDIUM 5.8 MEDIUM
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0.
CVE-2017-3864 1 Cisco 2 Ios, Ios Xe 2026-06-17 7.8 HIGH 8.6 HIGH
A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892.
CVE-2017-3804 1 Cisco 5 Nexus 5000, Nexus 6001, Nexus 6004 and 2 more 2026-06-17 5.7 MEDIUM 6.1 MEDIUM
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788).
CVE-2017-3772 1 Lenovo 1 Pcmanager 2026-06-17 N/A 5.5 MEDIUM
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
CVE-2017-3771 1 Lenovo 6 Aio E95, Aio E95 Firmware, Thinkcentre M710s and 3 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
CVE-2017-3770 1 Lenovo 1 Xclarity Administrator 2026-06-17 6.5 MEDIUM 8.8 HIGH
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVE-2017-3767 2 Lenovo, Realtek 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more 2026-06-17 7.2 HIGH 7.8 HIGH
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.