ReportizFlow
Filtered by vendor
Subscriptions
Total
1677 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0830 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. | ||||
| CVE-2017-6356 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2025-04-20 | 5.3 Medium |
| Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | ||||
| CVE-2017-16659 | 1 Anti-spam Smtp Proxy Project | 1 Anti-spam Smtp Proxy | 2025-04-20 | 7.8 High |
| The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | ||||
| CVE-2017-0601 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579. | ||||
| CVE-2017-11652 | 1 Razer | 1 Synapse | 2025-04-20 | 8.4 High |
| Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | ||||
| CVE-2017-0423 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | ||||
| CVE-2017-1000096 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | ||||
| CVE-2017-11422 | 1 Statamic | 1 Statamic | 2025-04-20 | 8.8 High |
| Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. | ||||
| CVE-2017-1000095 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2025-04-20 | N/A |
| The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object). | ||||
| CVE-2017-16638 | 1 Vde Project | 1 Vde | 2025-04-20 | N/A |
| The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | ||||
| CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | N/A |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | ||||
| CVE-2017-8665 | 2 Apple, Microsoft | 2 Macos, Xamarin.ios | 2025-04-20 | N/A |
| The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | ||||
| CVE-2017-1000022 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | N/A |
| LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | ||||
| CVE-2017-7199 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | ||||
| CVE-2017-9792 | 1 Apache | 1 Impala | 2025-04-20 | N/A |
| In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external. | ||||
| CVE-2017-14312 | 1 Nagios | 1 Nagios Core | 2025-04-20 | N/A |
| Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | ||||
| CVE-2017-0883 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2017-0884 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.3 Medium |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | ||||
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2025-04-20 | N/A |
| Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | ||||
| CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-20 | N/A |
| /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | ||||