Total
1208 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-7199 | 1 Tenable | 1 Nessus | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | |||||
| CVE-2017-7850 | 1 Tenable | 1 Nessus | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | |||||
| CVE-2017-3006 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | |||||
| CVE-2017-8858 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | |||||
| CVE-2017-9079 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
| Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | |||||
| CVE-2017-0311 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
| NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-0883 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | 5.5 MEDIUM | 6.4 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. | |||||
| CVE-2017-7493 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. | |||||
| CVE-2017-6338 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | |||||
| CVE-2017-8856 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-7889 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | |||||
| CVE-2017-6356 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | |||||
| CVE-2017-2290 | 2 Microsoft, Puppet | 2 Windows, Mcollective-puppet-agent | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1. | |||||
| CVE-2017-0884 | 1 Nextcloud | 1 Nextcloud | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | |||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||||
| CVE-2017-0593 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. | |||||
| CVE-2017-2115 | 1 Cybozu | 1 Office | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | |||||
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | |||||