Search Results (1764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0601 1 Google 1 Android 2025-04-20 N/A
An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.
CVE-2017-0752 1 Google 1 Android 2025-04-20 N/A
A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
CVE-2017-1266 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.
CVE-2017-12713 1 Advantech 1 Webaccess 2025-04-20 N/A
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.
CVE-2017-14730 2 Elasticsearch, Gentoo 2 Logstash, Linux 2025-04-20 N/A
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
CVE-2017-15611 1 Octopus 1 Octopus Deploy 2025-04-20 N/A
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
CVE-2017-2290 2 Microsoft, Puppet 2 Windows, Mcollective-puppet-agent 2025-04-20 8.8 High
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1.
CVE-2017-3006 2 Adobe, Microsoft 2 Creative Cloud, Windows 2025-04-20 N/A
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
CVE-2017-5199 1 Solarwinds 1 Log And Event Manager 2025-04-20 N/A
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.
CVE-2017-7199 1 Tenable 1 Nessus 2025-04-20 N/A
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
CVE-2017-8158 1 Huawei 1 Fusioncompute 2025-04-20 N/A
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.
CVE-2017-9079 2 Debian, Dropbear Ssh Project 2 Debian Linux, Dropbear Ssh 2025-04-20 N/A
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
CVE-2017-0784 1 Google 1 Android 2025-04-20 N/A
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
CVE-2017-0883 1 Nextcloud 1 Nextcloud Server 2025-04-20 N/A
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2017-1000221 1 Apereo 1 Opencast 2025-04-20 N/A
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
CVE-2017-15288 1 Scala-lang 1 Scala 2025-04-20 7.8 High
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
CVE-2017-12816 1 Kaspersky 1 Internet Security 2025-04-20 9.8 Critical
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
CVE-2017-7146 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
CVE-2017-8109 1 Saltstack 1 Salt 2025-04-20 N/A
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
CVE-2017-7849 1 Tenable 1 Nessus 2025-04-20 N/A
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.