Filtered by CWE-276
Filtered by vendor Subscriptions
Total 1139 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-6404 1 Veritas 2 Netbackup, Netbackup Appliance 2024-11-21 N/A
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
CVE-2017-5686 1 Intel 4 Nuc6i3syh Bios, Nuc6i3syk, Nuc6i3syk Bios and 1 more 2024-11-21 N/A
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-5685 1 Intel 2 Nuc6i7kyk, Nuc6i7kyk Bios 2024-11-21 N/A
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-5684 1 Intel 2 Stk2mv64cc, Stk2mv64cc Bios 2024-11-21 N/A
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-5642 1 Apache 1 Ambari 2024-11-21 N/A
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
CVE-2017-5622 1 Oneplus 3 Oneplus 3, Oneplus 3t, Oxygenos 2024-11-21 N/A
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.
CVE-2017-4975 1 Pivotal 1 Pcf Tile Generator 2024-11-21 N/A
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
CVE-2017-3210 4 Fujitsu, Hp, Philips and 1 more 6 Displayview Click, Displayview Click Suite, Display Assistant and 3 more 2024-11-21 N/A
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
CVE-2017-3209 2 Busybox, Dbpower 3 Busybox, U818a, U818a Firmware 2024-11-21 8.1 High
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities.
CVE-2017-1382 1 Ibm 1 Websphere Application Server 2024-11-21 N/A
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.
CVE-2017-18915 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
CVE-2017-18868 1 Digi 2 Xbee 2, Xbee 2 Firmware 2024-11-21 7.7 High
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.
CVE-2017-18669 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).
CVE-2017-18668 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017).
CVE-2017-16522 1 Mitrastar 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more 2024-11-21 N/A
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
CVE-2017-16128 1 Npm-script-demo Project 1 Npm-script-demo 2024-11-21 N/A
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
CVE-2017-16127 1 Pandora-doomsday Project 1 Pandora-doomsday 2024-11-21 N/A
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
CVE-2017-15131 2 Freedesktop, Redhat 2 Xdg-user-dirs, Enterprise Linux 2024-11-21 N/A
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
CVE-2017-14427 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVE-2017-14425 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.