Vulnerabilities (CVE)

Filtered by CWE-732
Total 1405 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7307 1 Riverbed 1 Rios 2025-04-20 7.2 HIGH 6.8 MEDIUM
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.
CVE-2017-11437 1 Gitlab 1 Gitlab 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
CVE-2017-9958 1 Schneider-electric 1 U.motion Builder 2025-04-20 7.2 HIGH 7.8 HIGH
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.
CVE-2017-12713 1 Advantech 1 Webaccess 2025-04-20 4.6 MEDIUM 7.8 HIGH
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.
CVE-2017-16895 1 Arqbackup 1 Arq 2025-04-20 7.2 HIGH 7.8 HIGH
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
CVE-2017-9780 2 Debian, Flatpak 2 Debian Linux, Flatpak 2025-04-20 7.2 HIGH 7.8 HIGH
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
CVE-2017-9494 1 Motorola 2 Mx011anm, Mx011anm Firmware 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.
CVE-2017-11653 1 Razer 1 Synapse 2025-04-20 4.6 MEDIUM 7.8 HIGH
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
CVE-2017-0845 1 Google 1 Android 2025-04-20 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
CVE-2017-17568 1 Scubez 1 Posty Readymade Classifieds 2025-04-20 5.0 MEDIUM 7.5 HIGH
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.
CVE-2017-1000022 1 Logicaldoc 1 Logicaldoc 2025-04-20 6.5 MEDIUM 8.8 HIGH
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.
CVE-2017-0830 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.
CVE-2017-8857 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-20 10.0 HIGH 9.8 CRITICAL
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
CVE-2017-3006 2 Adobe, Microsoft 2 Creative Cloud, Windows 2025-04-20 9.0 HIGH 8.8 HIGH
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
CVE-2017-0884 1 Nextcloud 1 Nextcloud Server 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2017-0601 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.
CVE-2017-15288 1 Scala-lang 1 Scala 2025-04-20 7.2 HIGH 7.8 HIGH
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
CVE-2017-11422 1 Statamic 1 Statamic 2025-04-20 6.5 MEDIUM 8.8 HIGH
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc.
CVE-2017-0703 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.
CVE-2017-9482 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 10.0 HIGH 9.8 CRITICAL
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.