| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1000257 |
119 |
|
Overflow |
2017-10-31 |
2018-11-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. |
|
2 |
CVE-2017-1000256 |
295 |
|
|
2017-10-31 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. |
|
3 |
CVE-2017-1000255 |
787 |
|
|
2017-10-30 |
2018-04-11 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. |
|
4 |
CVE-2017-1000253 |
119 |
|
Overflow |
2017-10-05 |
2017-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary. |
|
5 |
CVE-2017-1000120 |
89 |
|
Exec Code Sql |
2017-10-05 |
2017-10-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. |
|
6 |
CVE-2017-1000119 |
434 |
|
Exec Code |
2017-10-05 |
2020-08-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. |
|
7 |
CVE-2017-1000117 |
601 |
|
|
2017-10-05 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. |
|
8 |
CVE-2017-1000116 |
78 |
|
|
2017-10-05 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. |
|
9 |
CVE-2017-1000112 |
362 |
|
Mem. Corr. |
2017-10-05 |
2018-08-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. |
|
10 |
CVE-2017-1000111 |
787 |
|
|
2017-10-05 |
2020-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW. |
|
11 |
CVE-2017-1000107 |
|
|
Bypass |
2017-10-05 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection. |
|
12 |
CVE-2017-1000096 |
732 |
|
Exec Code |
2017-10-05 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. |
|
13 |
CVE-2017-1000093 |
352 |
|
CSRF |
2017-10-05 |
2017-10-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission. |
|
14 |
CVE-2017-1000091 |
352 |
|
CSRF |
2017-10-05 |
2017-10-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery. |
|
15 |
CVE-2017-1000090 |
352 |
|
CSRF |
2017-10-05 |
2017-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. |
|
16 |
CVE-2017-1000086 |
862 |
|
CSRF |
2017-10-05 |
2020-08-24 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. |
|
17 |
CVE-2017-16228 |
|
|
Exec Code |
2017-10-29 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. |
|
18 |
CVE-2017-16000 |
89 |
|
Exec Code Sql |
2017-10-29 |
2021-02-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. |
|
19 |
CVE-2017-15996 |
119 |
|
DoS Overflow |
2017-10-29 |
2018-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. |
|
20 |
CVE-2017-15994 |
354 |
|
Bypass |
2017-10-29 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. |
|
21 |
CVE-2017-15993 |
89 |
|
Sql |
2017-10-31 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. |
|
22 |
CVE-2017-15992 |
89 |
|
Sql |
2017-10-31 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. |
|
23 |
CVE-2017-15991 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. |
|
24 |
CVE-2017-15990 |
434 |
|
|
2017-10-31 |
2020-05-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. |
|
25 |
CVE-2017-15989 |
89 |
|
Sql |
2017-10-31 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. |
|
26 |
CVE-2017-15988 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. |
|
27 |
CVE-2017-15987 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. |
|
28 |
CVE-2017-15986 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CPA Lead Reward Script allows SQL Injection via the username parameter. |
|
29 |
CVE-2017-15985 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. |
|
30 |
CVE-2017-15984 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. |
|
31 |
CVE-2017-15983 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
|
32 |
CVE-2017-15982 |
89 |
|
Sql |
2017-10-31 |
2020-08-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
|
33 |
CVE-2017-15981 |
89 |
|
Sql |
2017-10-31 |
2020-08-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
|
34 |
CVE-2017-15980 |
89 |
|
Sql |
2017-10-31 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. |
|
35 |
CVE-2017-15979 |
89 |
|
Sql |
2017-10-31 |
2017-11-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. |
|
36 |
CVE-2017-15978 |
89 |
|
Sql |
2017-10-31 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. |
|
37 |
CVE-2017-15977 |
89 |
|
Sql |
2017-10-31 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. |
|
38 |
CVE-2017-15976 |
89 |
|
Sql |
2017-10-29 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. |
|
39 |
CVE-2017-15975 |
89 |
|
Sql |
2017-10-29 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. |
|
40 |
CVE-2017-15974 |
89 |
|
Sql Bypass |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. |
|
41 |
CVE-2017-15973 |
89 |
|
Sql |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. |
|
42 |
CVE-2017-15972 |
89 |
|
Sql |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. |
|
43 |
CVE-2017-15971 |
89 |
|
Sql |
2017-10-29 |
2020-08-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. |
|
44 |
CVE-2017-15970 |
89 |
|
Sql |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. |
|
45 |
CVE-2017-15969 |
89 |
|
Sql |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. |
|
46 |
CVE-2017-15968 |
89 |
|
Sql |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. |
|
47 |
CVE-2017-15967 |
89 |
|
Sql |
2017-10-29 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. |
|
48 |
CVE-2017-15966 |
89 |
|
Sql |
2017-10-29 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. |
|
49 |
CVE-2017-15965 |
89 |
|
Sql |
2017-10-29 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. |
|
50 |
CVE-2017-15964 |
89 |
|
Sql |
2017-10-29 |
2017-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. |
