| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-2576 |
89 |
2
|
Exec Code Sql |
2017-12-20 |
2018-01-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. |
|
2 |
CVE-2014-8358 |
426 |
|
+Priv |
2017-12-11 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. |
|
3 |
CVE-2014-8389 |
78 |
|
|
2017-12-28 |
2018-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. |
|
4 |
CVE-2016-1253 |
78 |
|
Exec Code |
2017-12-05 |
2017-12-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. |
|
5 |
CVE-2017-0872 |
20 |
|
Exec Code |
2017-12-06 |
2017-12-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. |
|
6 |
CVE-2017-0876 |
20 |
|
Exec Code |
2017-12-06 |
2017-12-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675. |
|
7 |
CVE-2017-0877 |
20 |
|
Exec Code |
2017-12-06 |
2017-12-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937. |
|
8 |
CVE-2017-0878 |
20 |
|
Exec Code |
2017-12-06 |
2017-12-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291. |
|
9 |
CVE-2017-0879 |
200 |
|
+Info |
2017-12-06 |
2017-12-19 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028. |
|
10 |
CVE-2017-1696 |
20 |
|
Exec Code |
2017-12-20 |
2018-01-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178. |
|
11 |
CVE-2017-3112 |
125 |
|
|
2017-12-09 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |
|
12 |
CVE-2017-3114 |
125 |
|
|
2017-12-09 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |
|
13 |
CVE-2017-3184 |
798 |
|
DoS |
2017-12-16 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). |
|
14 |
CVE-2017-3186 |
798 |
|
|
2017-12-16 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. |
|
15 |
CVE-2017-3193 |
119 |
|
Overflow |
2017-12-16 |
2019-10-09 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. |
|
16 |
CVE-2017-3195 |
119 |
|
Exec Code Overflow |
2017-12-16 |
2019-12-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges. |
|
17 |
CVE-2017-5254 |
269 |
|
|
2017-12-20 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. |
|
18 |
CVE-2017-5255 |
78 |
|
|
2017-12-20 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. |
|
19 |
CVE-2017-5259 |
319 |
|
|
2017-12-20 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. |
|
20 |
CVE-2017-5260 |
732 |
|
|
2017-12-20 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. |
|
21 |
CVE-2017-5534 |
|
|
|
2017-12-13 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. |
|
22 |
CVE-2017-6167 |
362 |
|
Exec Code |
2017-12-21 |
2018-01-09 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. |
|
23 |
CVE-2017-6211 |
119 |
|
Overflow |
2017-12-05 |
2017-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur. |
|
24 |
CVE-2017-7155 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2017-12-27 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
25 |
CVE-2017-7159 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2017-12-27 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
26 |
CVE-2017-7162 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2017-12-27 |
2019-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
27 |
CVE-2017-7163 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2017-12-27 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
28 |
CVE-2017-9944 |
269 |
|
|
2017-12-27 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. |
|
29 |
CVE-2017-10891 |
426 |
|
+Priv |
2017-12-01 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
30 |
CVE-2017-10892 |
426 |
|
+Priv |
2017-12-01 |
2017-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
31 |
CVE-2017-10893 |
426 |
|
+Priv |
2017-12-08 |
2017-12-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
32 |
CVE-2017-10902 |
78 |
|
Exec Code |
2017-12-01 |
2017-12-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
|
33 |
CVE-2017-10903 |
287 |
|
|
2017-12-01 |
2017-12-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. |
|
34 |
CVE-2017-10906 |
|
|
Exec Code |
2017-12-08 |
2021-08-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. |
|
35 |
CVE-2017-10909 |
426 |
|
+Priv |
2017-12-22 |
2018-01-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
36 |
CVE-2017-11005 |
416 |
|
|
2017-12-05 |
2017-12-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path. |
|
37 |
CVE-2017-11006 |
416 |
|
|
2017-12-05 |
2017-12-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning. |
|
38 |
CVE-2017-11043 |
119 |
|
Overflow |
2017-12-05 |
2019-04-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur. |
|
39 |
CVE-2017-11213 |
125 |
|
Overflow |
2017-12-09 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. |
|
40 |
CVE-2017-11215 |
416 |
|
Exec Code Mem. Corr. +Info |
2017-12-09 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. |
|
41 |
CVE-2017-11225 |
416 |
|
Exec Code Mem. Corr. +Info |
2017-12-09 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. |
|
42 |
CVE-2017-11293 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-12-09 |
2017-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
|
43 |
CVE-2017-11294 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-12-09 |
2017-12-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
|
44 |
CVE-2017-11295 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-12-09 |
2017-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
|
45 |
CVE-2017-11302 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-12-09 |
2017-12-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
|
46 |
CVE-2017-11885 |
20 |
|
Exec Code |
2017-12-12 |
2019-04-26 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability". |
|
47 |
CVE-2017-11935 |
119 |
|
Exec Code Overflow |
2017-12-12 |
2017-12-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". |
|
48 |
CVE-2017-11937 |
119 |
|
Exec Code Overflow |
2017-12-07 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". |
|
49 |
CVE-2017-11940 |
119 |
|
Exec Code Overflow |
2017-12-08 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. |
|
50 |
CVE-2017-13070 |
426 |
|
Exec Code |
2017-12-11 |
2017-12-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. |
