Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | |||||
| CVE-2017-14730 | 2 Elasticsearch, Gentoo | 2 Logstash, Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | |||||
| CVE-2017-13779 | 1 Gstn | 1 India Goods And Services Tax Network Offline Utility Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. | |||||
| CVE-2017-13236 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699. | |||||
| CVE-2017-13168 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. | |||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
| CVE-2017-12713 | 1 Advantech | 1 Webaccess | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | |||||
| CVE-2017-11653 | 1 Razer | 1 Synapse | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | |||||
| CVE-2017-11652 | 1 Razer | 1 Synapse | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | |||||
| CVE-2017-11437 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | |||||
| CVE-2017-11422 | 1 Statamic | 1 Statamic | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. | |||||
| CVE-2017-11156 | 1 Synology | 1 Download Station | 2024-11-21 | 6.5 MEDIUM | 7.8 HIGH |
| Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | |||||
| CVE-2017-1000485 | 1 Nylas Mail Lives Project | 1 Nylas Mail | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | |||||
| CVE-2017-1000461 | 1 Brave | 1 Browser | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). | |||||
| CVE-2017-1000403 | 1 Jenkins | 1 Speaks\! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | |||||
| CVE-2017-1000221 | 1 Apereo | 1 Opencast | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. | |||||
| CVE-2017-1000153 | 1 Mahara | 1 Mahara | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account. | |||||
| CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | |||||
| CVE-2017-1000125 | 1 Codiad | 1 Codiad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | |||||
| CVE-2017-1000096 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | |||||