Total
2176 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2192 | 1 Pl\/java Project | 1 Pl\/java | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | |||||
| CVE-2016-0767 | 1 Pl\/java Project | 1 Pl\/java | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath. | |||||
| CVE-2017-5940 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180. | |||||
| CVE-2017-11438 | 1 Gitlab | 1 Gitlab | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | |||||
| CVE-2017-14312 | 1 Nagios | 1 Nagios Core | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | |||||
| CVE-2017-1000082 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. | |||||
| CVE-2017-15055 | 1 Teampass | 1 Teampass | 2025-04-20 | 6.5 MEDIUM | 8.1 HIGH |
| TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php. | |||||
| CVE-2017-16520 | 1 Inedo | 1 Buildmaster | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | |||||
| CVE-2017-7922 | 1 Cambium Networks | 8 Epmp 1000, Epmp 1000 Firmware, Epmp 1000 Hotspot and 5 more | 2025-04-20 | 6.5 MEDIUM | 7.6 HIGH |
| An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes. | |||||
| CVE-2017-12635 | 1 Apache | 1 Couchdb | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. | |||||
| CVE-2017-5722 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2025-04-20 | 4.4 MEDIUM | 7.5 HIGH |
| Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | |||||
| CVE-2017-11319 | 1 Resolver | 1 Perspective | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms. | |||||
| CVE-2017-8114 | 1 Roundcube | 1 Webmail | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. | |||||
| CVE-2017-5623 | 1 Oneplus | 3 Oneplus 3, Oneplus 3t, Oxygenos | 2025-04-20 | 7.2 HIGH | 6.6 MEDIUM |
| An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. | |||||
| CVE-2017-6401 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat. | |||||
| CVE-2017-1000156 | 1 Mahara | 1 Mahara | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. | |||||
| CVE-2017-6732 | 1 Cisco | 1 Prime Network | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). | |||||
| CVE-2017-10000 | 1 Oracle | 1 Hospitality Reporting And Analytics | 2025-04-20 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2017-11467 | 1 Orientdb | 1 Orientdb | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2017-7505 | 1 Theforeman | 1 Foreman | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. | |||||