Search Results (2320 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0311 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2025-04-20 N/A
NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.
CVE-2017-7850 1 Tenable 1 Nessus 2025-04-20 N/A
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
CVE-2017-9606 1 Infotecs 2 Vipnet Client, Vipnet Coordinator 2025-04-20 N/A
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
CVE-2017-7889 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-20 7.8 High
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
CVE-2017-0317 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 N/A
All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.
CVE-2016-3107 2 Pulpproject, Redhat 3 Pulp, Satellite, Satellite Capsule 2025-04-20 N/A
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
CVE-2017-15288 1 Scala-lang 1 Scala 2025-04-20 7.8 High
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
CVE-2017-16659 1 Anti-spam Smtp Proxy Project 1 Anti-spam Smtp Proxy 2025-04-20 7.8 High
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
CVE-2017-6356 1 Paloaltonetworks 1 Terminal Services Agent 2025-04-20 5.3 Medium
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.
CVE-2017-9780 2 Debian, Flatpak 2 Debian Linux, Flatpak 2025-04-20 N/A
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
CVE-2017-16757 1 Hola 1 Vpn 2025-04-20 N/A
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
CVE-2017-16638 1 Vde Project 1 Vde 2025-04-20 N/A
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
CVE-2017-0703 1 Google 1 Android 2025-04-20 N/A
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.
CVE-2017-8449 1 Elastic 1 X-pack 2025-04-20 N/A
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.
CVE-2016-10156 1 Systemd Project 1 Systemd 2025-04-20 N/A
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
CVE-2017-0845 1 Google 1 Android 2025-04-20 N/A
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
CVE-2024-33860 1 Logpoint 2 Logpoint, Siem 2025-04-18 6.5 Medium
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
CVE-2021-22648 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2025-04-17 8.8 High
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
CVE-2019-15119 1 Ehang-io 1 Nps 2025-04-17 5.5 Medium
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
CVE-2022-42949 1 Silverstripe 1 Subsites 2025-04-17 7.5 High
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.