ReportizFlow
Filtered by vendor
Subscriptions
Total
1409 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000071 | 1 Roundcube | 1 Webmail | 2024-11-21 | N/A |
| roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity. | ||||
| CVE-2018-1000028 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.4 High |
| Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa. | ||||
| CVE-2018-1000025 | 1 Firebase Admin Sdk For Php Project | 1 Firebase Admin Sdk For Php | 2024-11-21 | N/A |
| Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1. | ||||
| CVE-2018-0982 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| CVE-2018-0752 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2024-11-21 | N/A |
| The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751. | ||||
| CVE-2017-9958 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | N/A |
| An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | ||||
| CVE-2017-9792 | 1 Apache | 1 Impala | 2024-11-21 | N/A |
| In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external. | ||||
| CVE-2017-9780 | 2 Debian, Flatpak | 2 Debian Linux, Flatpak | 2024-11-21 | N/A |
| In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root. | ||||
| CVE-2017-9626 | 1 Marel | 2 Pluto1203, Pluto2 | 2024-11-21 | N/A |
| Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. | ||||
| CVE-2017-9615 | 1 Cognito | 1 Moneyworks | 2024-11-21 | N/A |
| Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. | ||||
| CVE-2017-9606 | 1 Infotecs | 2 Vipnet Client, Vipnet Coordinator | 2024-11-21 | N/A |
| Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. | ||||
| CVE-2017-9602 | 1 Kbvault Mysql Project | 1 Kbvault Mysql | 2024-11-21 | 9.8 Critical |
| KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. | ||||
| CVE-2017-9514 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | ||||
| CVE-2017-9494 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2024-11-21 | N/A |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | ||||
| CVE-2017-9482 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2024-11-21 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. | ||||
| CVE-2017-9479 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2024-11-21 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. | ||||
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 9 Debian Linux, Mercurial, Enterprise Linux and 6 more | 2024-11-21 | 8.8 High |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | ||||
| CVE-2017-9268 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | ||||
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-11-21 | N/A |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | ||||
| CVE-2017-9079 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2024-11-21 | N/A |
| Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | ||||