Total
1499 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12155 | 2 Ceph, Redhat | 2 Ceph, Openstack | 2025-04-20 | N/A |
| A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2025-04-20 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2017-0593 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. | ||||
| CVE-2017-0423 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | ||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-20 | N/A |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | ||||
| CVE-2017-0317 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | N/A |
| All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. | ||||
| CVE-2017-0311 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2025-04-20 | N/A |
| NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | ||||
| CVE-2017-13779 | 1 Gstn | 1 India Goods And Services Tax Network Offline Utility Tool | 2025-04-20 | 7.8 High |
| GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. | ||||
| CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2025-04-20 | 7.8 High |
| The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | ||||
| CVE-2017-12713 | 1 Advantech | 1 Webaccess | 2025-04-20 | N/A |
| An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | ||||
| CVE-2017-15877 | 1 Sistemagpweb | 1 Gpweb | 2025-04-20 | N/A |
| Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | ||||
| CVE-2017-15945 | 3 Gentoo, Mariadb, Mysql | 3 Linux, Mariadb, Mysql | 2025-04-20 | N/A |
| The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. | ||||
| CVE-2017-0352 | 1 Nvidia | 1 Gpu Driver | 2025-04-20 | N/A |
| All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges | ||||
| CVE-2017-7493 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 7.8 High |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. | ||||
| CVE-2017-0883 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2017-9606 | 1 Infotecs | 2 Vipnet Client, Vipnet Coordinator | 2025-04-20 | N/A |
| Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. | ||||
| CVE-2017-16659 | 1 Anti-spam Smtp Proxy Project | 1 Anti-spam Smtp Proxy | 2025-04-20 | 7.8 High |
| The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | ||||
| CVE-2017-16757 | 1 Hola | 1 Vpn | 2025-04-20 | N/A |
| Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | ||||
| CVE-2017-16834 | 1 Pnp4nagios | 1 Pnp4nagios | 2025-04-20 | N/A |
| PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | ||||
| CVE-2017-12847 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | ||||