Total
1636 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7889 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-20 | 7.8 High |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | ||||
| CVE-2017-8858 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2025-04-20 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2017-0423 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | ||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2025-04-20 | N/A |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | ||||
| CVE-2017-17568 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | N/A |
| Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.8 High |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2025-04-20 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2017-16757 | 1 Hola | 1 Vpn | 2025-04-20 | N/A |
| Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | ||||
| CVE-2017-16659 | 1 Anti-spam Smtp Proxy Project | 1 Anti-spam Smtp Proxy | 2025-04-20 | 7.8 High |
| The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | ||||
| CVE-2017-0884 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.3 Medium |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2017-15877 | 1 Sistemagpweb | 1 Gpweb | 2025-04-20 | N/A |
| Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | ||||
| CVE-2017-7563 | 1 Arm | 1 Arm Trusted Firmware | 2025-04-20 | N/A |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | ||||
| CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2025-04-20 | 7.8 High |
| The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | ||||
| CVE-2017-9079 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2025-04-20 | N/A |
| Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | ||||
| CVE-2017-14730 | 2 Elasticsearch, Gentoo | 2 Logstash, Linux | 2025-04-20 | N/A |
| The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | ||||
| CVE-2017-9479 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. | ||||
| CVE-2017-16754 | 1 Boltcms | 1 Bolt | 2025-04-20 | N/A |
| Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | ||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2025-04-20 | 9.8 Critical |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | ||||