CVE-2017-9036 CVSS:0.0
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. (Last Update:2017-05-25) (Publish Update:2017-05-25)
CVE-2017-8849 CVSS:7.2
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. (Last Update:2017-05-25) (Publish Update:2017-05-17)
CVE-2017-8773 CVSS:7.5
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. (Last Update:2017-05-15) (Publish Update:2017-05-04)
CVE-2017-8422 CVSS:0.0
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. (Last Update:2017-05-22) (Publish Update:2017-05-17)
CVE-2017-8284 CVSS:6.9
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes." (Last Update:2017-05-10) (Publish Update:2017-04-26)
CVE-2017-7925 CVSS:5.0
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. (Last Update:2017-05-18) (Publish Update:2017-05-05)
CVE-2017-7921 CVSS:7.5
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. (Last Update:2017-05-18) (Publish Update:2017-05-05)
CVE-2017-7690 CVSS:7.2
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. (Last Update:2017-04-25) (Publish Update:2017-04-14)
CVE-2017-7643 CVSS:7.2
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. (Last Update:2017-04-21) (Publish Update:2017-04-14)
CVE-2017-7412 CVSS:7.2
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. (Last Update:2017-04-11) (Publish Update:2017-04-03)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com