| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-2576 |
89 |
2
|
Exec Code Sql |
2017-12-20 |
2018-01-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. |
|
2 |
CVE-2017-18001 |
306 |
|
|
2017-12-31 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. |
|
3 |
CVE-2017-17968 |
119 |
|
Exec Code Overflow |
2017-12-29 |
2018-01-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. |
|
4 |
CVE-2017-17959 |
89 |
|
Sql |
2017-12-28 |
2018-04-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. |
|
5 |
CVE-2017-17957 |
89 |
|
Sql |
2017-12-28 |
2018-04-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. |
|
6 |
CVE-2017-17951 |
89 |
|
Sql |
2017-12-28 |
2018-04-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. |
|
7 |
CVE-2017-17932 |
119 |
|
DoS Exec Code Overflow |
2017-12-28 |
2019-05-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888. |
|
8 |
CVE-2017-17931 |
89 |
|
Sql |
2017-12-27 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. |
|
9 |
CVE-2017-17928 |
89 |
|
Sql |
2017-12-27 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. |
|
10 |
CVE-2017-17914 |
834 |
|
DoS |
2017-12-27 |
2020-09-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. |
|
11 |
CVE-2017-17906 |
89 |
|
Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. |
|
12 |
CVE-2017-17901 |
400 |
|
DoS |
2017-12-29 |
2018-01-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. |
|
13 |
CVE-2017-17900 |
89 |
|
Exec Code Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. |
|
14 |
CVE-2017-17899 |
89 |
|
Exec Code Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. |
|
15 |
CVE-2017-17897 |
89 |
|
Exec Code Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
16 |
CVE-2017-17895 |
89 |
|
Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. |
|
17 |
CVE-2017-17892 |
89 |
|
Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. |
|
18 |
CVE-2017-17888 |
78 |
|
Exec Code |
2017-12-27 |
2018-01-17 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. |
|
19 |
CVE-2017-17878 |
327 |
|
|
2017-12-27 |
2018-01-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting). |
|
20 |
CVE-2017-17877 |
|
|
|
2017-12-27 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers to obtain access by guessing 24 bits of the MAC address and attempting a root login. This can be exploited in conjunction with CVE-2017-17878. |
|
21 |
CVE-2017-17875 |
89 |
|
Sql |
2017-12-27 |
2018-01-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. |
|
22 |
CVE-2017-17873 |
89 |
|
Sql |
2017-12-27 |
2018-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. |
|
23 |
CVE-2017-17872 |
89 |
|
Sql |
2017-12-27 |
2018-01-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. |
|
24 |
CVE-2017-17871 |
89 |
|
Sql |
2017-12-27 |
2019-07-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. |
|
25 |
CVE-2017-17870 |
89 |
|
Sql |
2017-12-27 |
2018-01-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. |
|
26 |
CVE-2017-17863 |
190 |
|
DoS Overflow |
2017-12-27 |
2018-03-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. |
|
27 |
CVE-2017-17857 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2018-01-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. |
|
28 |
CVE-2017-17856 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2018-01-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. |
|
29 |
CVE-2017-17855 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2018-01-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. |
|
30 |
CVE-2017-17854 |
190 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2018-01-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. |
|
31 |
CVE-2017-17853 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2018-01-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. |
|
32 |
CVE-2017-17852 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2018-01-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. |
|
33 |
CVE-2017-17849 |
119 |
|
Exec Code Overflow |
2017-12-27 |
2018-07-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. |
|
34 |
CVE-2017-17845 |
338 |
|
|
2017-12-27 |
2018-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. |
|
35 |
CVE-2017-17821 |
119 |
|
DoS Overflow |
2017-12-21 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. |
|
36 |
CVE-2017-17806 |
787 |
|
Overflow |
2017-12-20 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. |
|
37 |
CVE-2017-17805 |
20 |
|
DoS |
2017-12-20 |
2018-10-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. |
|
38 |
CVE-2017-17804 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084. |
|
39 |
CVE-2017-17803 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475. |
|
40 |
CVE-2017-17802 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080. |
|
41 |
CVE-2017-17801 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. |
|
42 |
CVE-2017-17800 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798. |
|
43 |
CVE-2017-17799 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068. |
|
44 |
CVE-2017-17798 |
20 |
|
DoS |
2017-12-20 |
2018-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800. |
|
45 |
CVE-2017-17797 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058. |
|
46 |
CVE-2017-17796 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4. |
|
47 |
CVE-2017-17795 |
20 |
|
DoS |
2017-12-20 |
2018-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088. |
|
48 |
CVE-2017-17794 |
|
|
Bypass |
2017-12-20 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. |
|
49 |
CVE-2017-17790 |
74 |
|
|
2017-12-20 |
2018-08-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. |
|
50 |
CVE-2017-17781 |
89 |
|
Sql |
2017-12-20 |
2018-01-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Horde Groupware through 5.2.22, SQL Injection exists via the group parameter to /services/prefs.php or the homePostalCode parameter to /turba/search.php. |
