Total
2110 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7532 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
In Moodle 3.x, course creators are able to change system default settings for courses. | |||||
CVE-2017-5142 | 1 Honeywell | 1 Xl Web Ii Controller | 2025-04-20 | 6.5 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. | |||||
CVE-2017-9662 | 1 Fujielectric | 1 Monitouch V-sft | 2025-04-20 | 4.6 MEDIUM | 5.3 MEDIUM |
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. | |||||
CVE-2017-7916 | 1 Abb | 4 Vsn300, Vsn300 Firmware, Vsn300 For React and 1 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted. | |||||
CVE-2017-4982 | 1 Emc | 1 Mainframe Enablers Resourcepak Base | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-5572 | 1 Citrix | 1 Xenserver | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | |||||
CVE-2017-5084 | 1 Google | 1 Chrome Os | 2025-04-20 | 2.1 LOW | 3.3 LOW |
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. | |||||
CVE-2017-11361 | 1 Intenogroup | 2 Inteno Router, Inteno Router Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.) | |||||
CVE-2017-13707 | 1 Axcient | 1 Replibit | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd. | |||||
CVE-2017-15917 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. | |||||
CVE-2017-15014 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem. | |||||
CVE-2017-9940 | 1 Siemens | 1 Sipass Integrated | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | |||||
CVE-2017-1000241 | 1 Open-emr | 1 Openemr | 2025-04-20 | 6.5 MEDIUM | 8.1 HIGH |
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators. | |||||
CVE-2017-6954 | 1 Buddypress | 1 Buddypress | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. | |||||
CVE-2017-9944 | 1 Siemens | 2 7kt Pac1200 Data Manager, 7kt Pac1200 Data Manager Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | |||||
CVE-2017-15013 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | |||||
CVE-2017-0310 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service. | |||||
CVE-2017-6507 | 2 Apparmor, Canonical | 3 Apparmor, Ubuntu Core, Ubuntu Touch | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. | |||||
CVE-2017-9724 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. | |||||
CVE-2017-1000003 | 1 Atutor | 1 Atutor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation. |