| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1001004 |
20 |
|
Exec Code |
2017-11-27 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
|
2 |
CVE-2017-1001003 |
20 |
|
|
2017-11-27 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. |
|
3 |
CVE-2017-1001002 |
94 |
|
Exec Code |
2017-11-27 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
|
4 |
CVE-2017-1000406 |
254 |
|
|
2017-11-30 |
2017-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). |
|
5 |
CVE-2017-1000405 |
362 |
|
|
2017-11-30 |
2018-02-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. |
|
6 |
CVE-2017-1000248 |
502 |
|
|
2017-11-17 |
2017-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis |
|
7 |
CVE-2017-1000247 |
20 |
|
|
2017-11-17 |
2017-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. |
|
8 |
CVE-2017-1000246 |
330 |
|
|
2017-11-17 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
|
9 |
CVE-2017-1000245 |
522 |
|
|
2017-11-01 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. |
|
10 |
CVE-2017-1000244 |
352 |
|
CSRF |
2017-11-01 |
2019-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification |
|
11 |
CVE-2017-1000243 |
862 |
|
|
2017-11-01 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites |
|
12 |
CVE-2017-1000241 |
269 |
|
|
2017-11-17 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators. |
|
13 |
CVE-2017-1000238 |
434 |
|
|
2017-11-17 |
2017-11-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. |
|
14 |
CVE-2017-1000237 |
918 |
|
|
2017-11-17 |
2017-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. |
|
15 |
CVE-2017-1000236 |
79 |
|
XSS |
2017-11-17 |
2017-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. |
|
16 |
CVE-2017-1000235 |
78 |
|
|
2017-11-17 |
2017-11-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. |
|
17 |
CVE-2017-1000234 |
200 |
|
+Info |
2017-11-17 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter |
|
18 |
CVE-2017-1000232 |
415 |
|
|
2017-11-17 |
2020-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. |
|
19 |
CVE-2017-1000231 |
415 |
|
|
2017-11-17 |
2018-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. |
|
20 |
CVE-2017-1000230 |
20 |
|
DoS |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. |
|
21 |
CVE-2017-1000229 |
190 |
|
DoS Exec Code Overflow |
2017-11-17 |
2019-05-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. |
|
22 |
CVE-2017-1000228 |
20 |
|
Exec Code |
2017-11-17 |
2017-11-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function |
|
23 |
CVE-2017-1000226 |
200 |
|
+Info |
2017-11-17 |
2017-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Stop User Enumeration 1.3.8 allows user enumeration via the REST API |
|
24 |
CVE-2017-1000225 |
79 |
|
XSS |
2017-11-17 |
2017-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can |
|
25 |
CVE-2017-1000224 |
352 |
|
CSRF |
2017-11-17 |
2017-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin |
|
26 |
CVE-2017-1000221 |
732 |
|
|
2017-11-17 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. |
|
27 |
CVE-2017-1000220 |
78 |
|
Exec Code |
2017-11-17 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution |
|
28 |
CVE-2017-1000219 |
78 |
|
Exec Code |
2017-11-17 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user |
|
29 |
CVE-2017-1000218 |
119 |
|
DoS Exec Code Overflow |
2017-11-17 |
2017-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution. |
|
30 |
CVE-2017-1000217 |
74 |
|
Exec Code |
2017-11-17 |
2019-04-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. |
|
31 |
CVE-2017-1000215 |
78 |
|
Exec Code |
2017-11-17 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution |
|
32 |
CVE-2017-1000214 |
78 |
|
|
2017-11-27 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
GitPHP by xiphux is vulnerable to OS Command Injections |
|
33 |
CVE-2017-1000212 |
|
|
Exec Code |
2017-11-17 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code. |
|
34 |
CVE-2017-1000211 |
416 |
|
|
2017-11-17 |
2018-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. |
|
35 |
CVE-2017-1000210 |
119 |
|
DoS Exec Code Overflow |
2017-11-17 |
2017-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack |
|
36 |
CVE-2017-1000209 |
295 |
|
|
2017-11-17 |
2017-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. |
|
37 |
CVE-2017-1000208 |
502 |
|
Exec Code |
2017-11-17 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. |
|
38 |
CVE-2017-1000207 |
502 |
|
Exec Code |
2017-11-27 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. |
|
39 |
CVE-2017-1000206 |
119 |
|
Exec Code Overflow |
2017-11-17 |
2017-12-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution |
|
40 |
CVE-2017-1000203 |
78 |
|
Exec Code |
2017-11-17 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution |
|
41 |
CVE-2017-1000200 |
476 |
|
DoS |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service |
|
42 |
CVE-2017-1000199 |
200 |
|
+Info |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. |
|
43 |
CVE-2017-1000198 |
119 |
|
DoS Overflow |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service |
|
44 |
CVE-2017-1000197 |
417 |
|
|
2017-11-17 |
2020-08-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. |
|
45 |
CVE-2017-1000196 |
94 |
|
Exec Code |
2017-11-17 |
2020-08-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. |
|
46 |
CVE-2017-1000195 |
502 |
|
|
2017-11-17 |
2020-08-03 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. |
|
47 |
CVE-2017-1000194 |
434 |
|
|
2017-11-17 |
2020-08-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. |
|
48 |
CVE-2017-1000193 |
79 |
|
Exec Code XSS |
2017-11-17 |
2020-08-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. |
|
49 |
CVE-2017-1000192 |
|
|
File Inclusion |
2017-11-17 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information. |
|
50 |
CVE-2017-1000191 |
400 |
|
|
2017-11-17 |
2017-12-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. |
