|
255411
|
7.8 |
HIGH
Local
|
google
|
android
|
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly k…
|
NVD-CWE-noinfo
|
CVE-2017-3748
|
2024-11-21 12:26 |
2017-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255412
|
5.5 |
MEDIUM
Local
|
lenovo
|
nerve_center
|
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileg…
|
NVD-CWE-noinfo
|
CVE-2017-3747
|
2024-11-21 12:26 |
2017-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255413
|
5.4 |
MEDIUM
Network
|
mcafee
|
data_loss_prevention_endpoint
|
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecti…
|
CWE-79
Cross-site Scripting
|
CVE-2017-3948
|
2024-11-21 12:26 |
2017-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255414
|
9.8 |
CRITICAL
Network
|
emc
|
avamar_server
|
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-4990
|
2024-11-21 12:26 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255415
|
9.8 |
CRITICAL
Network
|
emc
|
avamar_server
|
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to th…
|
CWE-287
Improper Authentication
|
CVE-2017-4989
|
2024-11-21 12:26 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255416
|
7.2 |
HIGH
Network
|
emc
|
isilon_onefs
|
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected syste…
|
NVD-CWE-noinfo
|
CVE-2017-4988
|
2024-11-21 12:26 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255417
|
7.8 |
HIGH
Local
|
lenovo
|
xclarity_administrator
|
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authent…
|
CWE-287
Improper Authentication
|
CVE-2017-3745
|
2024-11-21 12:26 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255418
|
6.5 |
MEDIUM
Network
|
lenovo
ibm
|
integrated_management_module_firmware
|
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-3744
|
2024-11-21 12:26 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255419
|
7.5 |
HIGH
Network
|
lenovo
|
toolscenter_dynamic_system_analysis
advanced_settings_utility
updatexpress_system_pack_installer
|
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSP…
|
CWE-200
Information Exposure
|
CVE-2017-3743
|
2024-11-21 12:26 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255420
|
7.3 |
HIGH
Local
|
emc
|
vnx2_firmware
vnx1_firmware
|
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potent…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-4987
|
2024-11-21 12:26 |
2017-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
