Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18894 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 8.1 High |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. | ||||
| CVE-2017-18872 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. | ||||
| CVE-2017-18348 | 1 Splunk | 1 Splunk | 2024-08-05 | N/A |
| Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | ||||
| CVE-2017-18285 | 2 Burp Project, Gentoo | 2 Burp, Linux | 2024-08-05 | N/A |
| The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. | ||||
| CVE-2017-18284 | 2 Burp Project, Gentoo | 2 Burp, Linux | 2024-08-05 | N/A |
| The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. | ||||
| CVE-2017-18226 | 2 Gentoo, Jabberd2 | 2 Linux, Jabberd2 | 2024-08-05 | N/A |
| The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. | ||||
| CVE-2017-18225 | 2 Gentoo, Jabberd2 | 2 Linux, Jabberd2 | 2024-08-05 | N/A |
| The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. | ||||
| CVE-2017-17867 | 1 Intenogroup | 1 Iopsys | 2024-08-05 | N/A |
| Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. | ||||
| CVE-2017-17677 | 1 Bmc | 1 Remedy Mid-tier | 2024-08-05 | 8.8 High |
| BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. | ||||
| CVE-2017-17568 | 1 Scubez | 1 Posty Readymade Classifieds | 2024-08-05 | N/A |
| Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2017-16945 | 2 Apple, Haystacksoftware | 2 Macos, Arq | 2024-08-05 | N/A |
| The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | ||||
| CVE-2017-16933 | 1 Icinga | 1 Icinga | 2024-08-05 | N/A |
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | ||||
| CVE-2017-16928 | 2 Apple, Haystacksoftware | 2 Macos, Arq | 2024-08-05 | N/A |
| The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | ||||
| CVE-2017-16882 | 1 Icinga | 1 Icinga | 2024-08-05 | N/A |
| Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | ||||
| CVE-2017-16885 | 1 Fiberhome | 2 Lm53q1, Lm53q1 Firmware | 2024-08-05 | N/A |
| Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc. | ||||
| CVE-2017-16895 | 1 Arqbackup | 1 Arq | 2024-08-05 | 7.8 High |
| The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | ||||
| CVE-2017-16834 | 1 Pnp4nagios | 1 Pnp4nagios | 2024-08-05 | N/A |
| PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | ||||
| CVE-2017-16754 | 1 Boltcms | 1 Bolt | 2024-08-05 | N/A |
| Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | ||||
| CVE-2017-16757 | 1 Hola | 1 Vpn | 2024-08-05 | N/A |
| Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | ||||
| CVE-2017-16630 | 1 Sapphireims | 1 Sapphireims | 2024-08-05 | 8.8 High |
| In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. | ||||