Total
1672 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4982 | 1 Teether | 1 Authd | 2025-04-20 | N/A |
| authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | ||||
| CVE-2017-6338 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | ||||
| CVE-2017-0884 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.3 Medium |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2016-3107 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2025-04-20 | N/A |
| The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | ||||
| CVE-2017-14312 | 1 Nagios | 1 Nagios Core | 2025-04-20 | N/A |
| Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | ||||
| CVE-2017-8856 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | ||||
| CVE-2017-9780 | 2 Debian, Flatpak | 2 Debian Linux, Flatpak | 2025-04-20 | N/A |
| In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root. | ||||
| CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2025-04-20 | N/A |
| SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2025-04-20 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2017-12713 | 1 Advantech | 1 Webaccess | 2025-04-20 | N/A |
| An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | ||||
| CVE-2017-8391 | 3 Ca, Linux, Microsoft | 3 Client Automation, Linux Kernel, Windows | 2025-04-20 | N/A |
| The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | ||||
| CVE-2017-1000096 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2025-04-20 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2017-17568 | 1 Scubez | 1 Posty Readymade Classifieds | 2025-04-20 | N/A |
| Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2017-1266 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | ||||
| CVE-2017-15906 | 5 Debian, Netapp, Openbsd and 2 more | 23 Debian Linux, Active Iq Unified Manager, Cloud Backup and 20 more | 2025-04-20 | 5.3 Medium |
| The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | ||||
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.8 High |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | ||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2025-04-20 | N/A |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | ||||
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 9 Debian Linux, Mercurial, Enterprise Linux and 6 more | 2025-04-20 | 8.8 High |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | ||||
| CVE-2017-9494 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | ||||