Total
1405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7307 | 1 Riverbed | 1 Rios | 2025-04-20 | 7.2 HIGH | 6.8 MEDIUM |
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | |||||
CVE-2017-11437 | 1 Gitlab | 1 Gitlab | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | |||||
CVE-2017-9958 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | |||||
CVE-2017-12713 | 1 Advantech | 1 Webaccess | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | |||||
CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | |||||
CVE-2017-9780 | 2 Debian, Flatpak | 2 Debian Linux, Flatpak | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root. | |||||
CVE-2017-9494 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | |||||
CVE-2017-11653 | 1 Razer | 1 Synapse | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | |||||
CVE-2017-0845 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | |||||
CVE-2017-17568 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2017-1000022 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | |||||
CVE-2017-0830 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. | |||||
CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||||
CVE-2017-3006 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||||
CVE-2017-0884 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | |||||
CVE-2017-0601 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579. | |||||
CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | |||||
CVE-2017-11422 | 1 Statamic | 1 Statamic | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. | |||||
CVE-2017-0703 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882. | |||||
CVE-2017-9482 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. |