Total
1004 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8158 | 1 Huawei | 1 Fusioncompute | 2019-10-02 | 4.9 MEDIUM | 6.5 MEDIUM |
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. | |||||
CVE-2017-7850 | 1 Tenable | 1 Nessus | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | |||||
CVE-2017-7849 | 1 Tenable | 1 Nessus | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | |||||
CVE-2017-7821 | 1 Mozilla | 1 Firefox | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56. | |||||
CVE-2017-7563 | 1 Arm | 1 Arm Trusted Firmware | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | |||||
CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2019-10-02 | 6.4 MEDIUM | 9.1 CRITICAL |
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | |||||
CVE-2017-7307 | 1 Riverbed | 1 Rios | 2019-10-02 | 7.2 HIGH | 6.8 MEDIUM |
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | |||||
CVE-2017-7199 | 1 Tenable | 1 Nessus | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | |||||
CVE-2017-7146 | 1 Apple | 1 Iphone Os | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. | |||||
CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | |||||
CVE-2017-6928 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. | |||||
CVE-2017-6338 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | |||||
CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||||
CVE-2017-5456 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | |||||
CVE-2017-5426 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
CVE-2017-5199 | 1 Solarwinds | 1 Log And Event Manager | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |||||
CVE-2017-4952 | 1 Vmware | 1 Xenon | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. | |||||
CVE-2017-3006 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications. | |||||
CVE-2017-2115 | 1 Cybozu | 1 Office | 2019-10-02 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | |||||
CVE-2017-18348 | 1 Splunk | 1 Splunk | 2019-10-02 | 6.9 MEDIUM | 7.0 HIGH |
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. |