Total
5138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1002151 | 1 Redhat | 1 Pagure | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | |||||
| CVE-2017-3813 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976. | |||||
| CVE-2017-10846 | 1 Nttdocomo | 2 Wi-fi Station L-02f, Wi-fi Station L-02f Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | |||||
| CVE-2017-1000243 | 1 Jenkins | 1 Favorite Plugin | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites | |||||
| CVE-2017-4985 | 1 Emc | 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system. | |||||
| CVE-2017-11135 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be interpreted as a vulnerability in customer-controlled software, in the sense that the StashCat client side has no secure way to signal that it is ending a session and that data should be deleted. | |||||
| CVE-2017-17433 | 2 Debian, Samba | 2 Debian Linux, Rsync | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2017-6564 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. | |||||
| CVE-2017-17665 | 1 Octopus | 1 Octopus Deploy | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access. | |||||
| CVE-2017-6251 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. | |||||
| CVE-2017-17450 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | |||||
| CVE-2017-8083 | 1 Compulab | 4 Intense Pc, Intense Pc Firmware, Mintbox 2 and 1 more | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | |||||
| CVE-2017-9036 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | |||||
| CVE-2017-12084 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. | |||||
| CVE-2017-17693 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | |||||
| CVE-2017-9232 | 1 Canonical | 1 Juju | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | |||||
| CVE-2017-6598 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). | |||||
| CVE-2017-6622 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724. | |||||
| CVE-2017-0896 | 1 Zulip | 1 Zulip Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | |||||
| CVE-2017-12582 | 1 Qnap | 2 Ts-212p, Ts-212p Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station. | |||||