CVE-2017-11473 CVSS:0.0
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. (Last Update:2017-07-20) (Publish Update:2017-07-20)
CVE-2017-10914 CVSS:6.8
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. (Last Update:2017-07-10) (Publish Update:2017-07-04)
CVE-2017-10913 CVSS:7.5
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1. (Last Update:2017-07-10) (Publish Update:2017-07-04)
CVE-2017-9606 CVSS:4.4
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. (Last Update:2017-06-28) (Publish Update:2017-06-14)
CVE-2017-9525 CVSS:10.0
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. (Last Update:2017-07-07) (Publish Update:2017-06-09)
CVE-2017-9324 CVSS:6.5
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. (Last Update:2017-06-22) (Publish Update:2017-06-12)
CVE-2017-9036 CVSS:7.2
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. (Last Update:2017-06-01) (Publish Update:2017-05-25)
CVE-2017-8849 CVSS:7.2
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. (Last Update:2017-06-30) (Publish Update:2017-05-17)
CVE-2017-8773 CVSS:7.5
Quick Heal Internet Security, Quick Heal Total Security, and Quick Heal AntiVirus Pro are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. (Last Update:2017-05-15) (Publish Update:2017-05-04)
CVE-2017-8613 CVSS:6.8
Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts, aka "Azure AD Connect Elevation of Privilege Vulnerability." (Last Update:2017-07-05) (Publish Update:2017-06-29)