Total
1627 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-3006 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2025-04-20 | N/A |
| Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | ||||
| CVE-2017-1000096 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | ||||
| CVE-2017-14312 | 1 Nagios | 1 Nagios Core | 2025-04-20 | N/A |
| Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | ||||
| CVE-2017-1000125 | 1 Codiad | 1 Codiad | 2025-04-20 | N/A |
| Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | ||||
| CVE-2017-12847 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | ||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2025-04-20 | 9.8 Critical |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | ||||
| CVE-2017-16834 | 1 Pnp4nagios | 1 Pnp4nagios | 2025-04-20 | N/A |
| PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | ||||
| CVE-2017-16757 | 1 Hola | 1 Vpn | 2025-04-20 | N/A |
| Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | ||||
| CVE-2017-11437 | 1 Gitlab | 1 Gitlab | 2025-04-20 | N/A |
| GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | ||||
| CVE-2017-16659 | 1 Anti-spam Smtp Proxy Project | 1 Anti-spam Smtp Proxy | 2025-04-20 | 7.8 High |
| The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | ||||
| CVE-2017-2115 | 1 Cybozu | 1 Office | 2025-04-20 | N/A |
| Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | ||||
| CVE-2017-0703 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882. | ||||
| CVE-2017-16933 | 1 Icinga | 1 Icinga | 2025-04-20 | N/A |
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | ||||
| CVE-2017-15877 | 1 Sistemagpweb | 1 Gpweb | 2025-04-20 | N/A |
| Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | ||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-20 | N/A |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | ||||
| CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2025-04-20 | 7.8 High |
| The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | ||||
| CVE-2017-14730 | 2 Elasticsearch, Gentoo | 2 Logstash, Linux | 2025-04-20 | N/A |
| The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | ||||
| CVE-2017-16754 | 1 Boltcms | 1 Bolt | 2025-04-20 | N/A |
| Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | ||||
| CVE-2017-9482 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. | ||||
| CVE-2017-7307 | 1 Riverbed | 1 Rios | 2025-04-20 | N/A |
| Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | ||||