Total
1405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0831 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941. | |||||
| CVE-2017-0423 | 1 Google | 1 Android | 2025-04-20 | 2.9 LOW | 5.3 MEDIUM |
| An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | |||||
| CVE-2017-7560 | 1 Redhat | 1 Rhnsd | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | |||||
| CVE-2017-8665 | 2 Apple, Microsoft | 2 Macos, Xamarin.ios | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | |||||
| CVE-2017-7307 | 1 Riverbed | 1 Rios | 2025-04-20 | 7.2 HIGH | 6.8 MEDIUM |
| Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | |||||
| CVE-2017-7563 | 1 Arm | 1 Arm Trusted Firmware | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | |||||
| CVE-2017-3166 | 1 Apache | 1 Hadoop | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | |||||
| CVE-2017-9494 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | |||||
| CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2025-04-20 | 6.5 MEDIUM | 8.1 HIGH |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | |||||
| CVE-2017-8158 | 1 Huawei | 1 Fusioncompute | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. | |||||
| CVE-2017-9479 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. | |||||
| CVE-2017-14730 | 2 Elasticsearch, Gentoo | 2 Logstash, Linux | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | |||||
| CVE-2017-7146 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. | |||||
| CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||||
| CVE-2017-8449 | 1 Elastic | 1 X-pack | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index. | |||||
| CVE-2017-8391 | 3 Ca, Linux, Microsoft | 3 Client Automation, Linux Kernel, Windows | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | |||||
| CVE-2017-8858 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | |||||
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | |||||
| CVE-2017-0845 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | |||||
| CVE-2017-9079 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2025-04-20 | 4.7 MEDIUM | 4.7 MEDIUM |
| Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | |||||