CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2017 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2017-11889 119 Exec Code Overflow Mem. Corr. 2017-12-12 2017-12-26
7.6
None Remote High Not required Complete Complete Complete
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
602 CVE-2017-11888 119 Exec Code Overflow Mem. Corr. 2017-12-12 2017-12-29
7.6
None Remote High Not required Complete Complete Complete
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
603 CVE-2017-11886 119 Exec Code Overflow Mem. Corr. 2017-12-12 2017-12-26
7.6
None Remote High Not required Complete Complete Complete
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
604 CVE-2017-11885 20 Exec Code 2017-12-12 2019-04-26
8.5
None Remote Medium ??? Complete Complete Complete
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
605 CVE-2017-11562 384 2017-12-19 2018-01-12
6.8
None Remote Medium Not required Partial Partial Partial
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.
606 CVE-2017-11482 601 2017-12-08 2020-08-14
5.8
None Remote Medium Not required Partial Partial None
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
607 CVE-2017-11480 DoS 2017-12-08 2019-10-09
5.0
None Remote Low Not required None None Partial
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
608 CVE-2017-11463 275 2017-12-11 2018-03-28
6.5
None Remote Low ??? Partial Partial Partial
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
609 CVE-2017-11397 426 Exec Code 2017-12-16 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
610 CVE-2017-11319 269 +Priv 2017-12-11 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.
611 CVE-2017-11305 2017-12-13 2022-04-18
5.0
None Remote Low Not required None Partial None
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
612 CVE-2017-11304 416 Exec Code 2017-12-09 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.
613 CVE-2017-11303 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
614 CVE-2017-11302 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
615 CVE-2017-11301 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
616 CVE-2017-11300 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
617 CVE-2017-11299 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
618 CVE-2017-11298 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
619 CVE-2017-11297 119 Overflow Mem. Corr. 2017-12-09 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
620 CVE-2017-11295 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
621 CVE-2017-11294 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
622 CVE-2017-11293 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
623 CVE-2017-11291 918 Bypass 2017-12-09 2017-12-14
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
624 CVE-2017-11286 611 2017-12-01 2020-05-14
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
625 CVE-2017-11284 502 2017-12-01 2020-05-14
7.5
None Remote Low Not required Partial Partial Partial
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
626 CVE-2017-11283 502 2017-12-01 2020-05-14
7.5
None Remote Low Not required Partial Partial Partial
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
627 CVE-2017-11282 119 Exec Code Overflow Mem. Corr. 2017-12-01 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
628 CVE-2017-11281 119 Exec Code Overflow Mem. Corr. 2017-12-01 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
629 CVE-2017-11225 416 Exec Code Mem. Corr. +Info 2017-12-09 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
630 CVE-2017-11215 416 Exec Code Mem. Corr. +Info 2017-12-09 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
631 CVE-2017-11213 125 Overflow 2017-12-09 2021-09-08
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
632 CVE-2017-11043 119 Overflow 2017-12-05 2019-04-29
9.3
None Remote Medium Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.
633 CVE-2017-11031 200 +Info 2017-12-05 2017-12-19
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.
634 CVE-2017-11007 119 Overflow 2017-12-05 2017-12-15
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.
635 CVE-2017-11006 416 2017-12-05 2017-12-15
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.
636 CVE-2017-11005 416 2017-12-05 2017-12-15
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.
637 CVE-2017-10959 416 Exec Code 2017-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.
638 CVE-2017-10958 416 Exec Code 2017-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980.
639 CVE-2017-10957 416 Exec Code 2017-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.
640 CVE-2017-10909 426 +Priv 2017-12-22 2018-01-09
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
641 CVE-2017-10908 20 DoS 2017-12-22 2021-04-19
5.0
None Remote Low Not required None None Partial
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
642 CVE-2017-10906 Exec Code 2017-12-08 2021-08-04
10.0
None Remote Low Not required Complete Complete Complete
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
643 CVE-2017-10905 2017-12-16 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
644 CVE-2017-10904 78 Exec Code 2017-12-16 2017-12-28
7.5
None Remote Low Not required Partial Partial Partial
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
645 CVE-2017-10903 287 2017-12-01 2017-12-12
10.0
None Remote Low Not required Complete Complete Complete
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.
646 CVE-2017-10902 78 Exec Code 2017-12-01 2017-12-12
10.0
None Remote Low Not required Complete Complete Complete
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
647 CVE-2017-10901 119 Overflow 2017-12-01 2017-12-12
5.0
None Remote Low Not required None None Partial
Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
648 CVE-2017-10900 Bypass 2017-12-01 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.
649 CVE-2017-10899 89 Exec Code Sql 2017-12-01 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
650 CVE-2017-10898 89 Exec Code Sql 2017-12-01 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 774   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.