Search Results (2899 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14124 1 Unicon-software 1 Rp 2025-04-20 N/A
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions.
CVE-2017-14380 1 Emc 1 Isilon Onefs 2025-04-20 N/A
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
CVE-2017-7489 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
CVE-2017-5084 1 Google 1 Chrome Os 2025-04-20 N/A
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.
CVE-2017-9450 1 Amazon 1 Amazon Web Services Cloudformation Bootstrap 2025-04-20 N/A
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
CVE-2017-1000082 1 Systemd Project 1 Systemd 2025-04-20 9.8 Critical
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
CVE-2017-14329 1 Extremenetworks 1 Extremexos 2025-04-20 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVE-2017-8032 2 Cloudfoundry, Pivotal Software 3 Cloud Foundry Uaa Bosh, Cloud Foundry Cf, Cloud Foundry Uaa 2025-04-20 N/A
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.
CVE-2017-8114 1 Roundcube 1 Webmail 2025-04-20 8.8 High
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
CVE-2017-5572 1 Citrix 1 Xenserver 2025-04-20 N/A
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
CVE-2017-0360 1 Tryton 1 Tryton 2025-04-20 N/A
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
CVE-2017-5254 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2025-04-20 N/A
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
CVE-2016-8219 1 Cloudfoundry 2 Capi-release, Cf-release 2025-04-20 6.5 Medium
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.
CVE-2017-11747 1 Tinyproxy Project 1 Tinyproxy 2025-04-20 N/A
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
CVE-2017-10000 1 Oracle 1 Hospitality Reporting And Analytics 2025-04-20 N/A
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
CVE-2017-1000003 1 Atutor 1 Atutor 2025-04-20 N/A
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.
CVE-2017-1000104 1 Jenkins 1 Config File Provider 2025-04-20 N/A
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files.
CVE-2017-17384 1 Ispconfig 1 Ispconfig 2025-04-20 N/A
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.
CVE-2017-11681 1 Project Hashtopussy 1 Hashtopussy 2025-04-20 N/A
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
CVE-2017-1326 1 Ibm 1 Sterling B2b Integrator 2025-04-20 N/A
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.