# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
651 | CVE-2017-9521 | | | Exec Code | 2017-07-31 | 2021-09-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date. |
652 | CVE-2017-9498 | 354 | | | 2017-07-31 | 2019-10-03 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware. |
653 | CVE-2017-9497 | 20 | | Exec Code | 2017-07-31 | 2017-08-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route. |
654 | CVE-2017-9496 | | | | 2017-07-31 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port, and then establishing communication with the device's link-local IPv6 address. |
655 | CVE-2017-9495 | 200 | | +Info | 2017-07-31 | 2017-08-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web Inspector script. |
656 | CVE-2017-9494 | 732 | | | 2017-07-31 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. |
657 | CVE-2017-9493 | | | | 2017-07-31 | 2019-10-03 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code. |
658 | CVE-2017-9492 | 200 | | +Info | 2017-07-31 | 2021-09-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. |
659 | CVE-2017-9491 | 200 | | +Info | 2017-07-31 | 2021-09-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. |
660 | CVE-2017-9490 | 352 | | CSRF | 2017-07-31 | 2017-08-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. |
661 | CVE-2017-9489 | 352 | | CSRF | 2017-07-31 | 2021-09-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. |
662 | CVE-2017-9488 | 798 | | | 2017-07-31 | 2017-08-02 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet. |
663 | CVE-2017-9487 | 200 | | +Info | 2017-07-31 | 2017-08-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover a WAN IPv6 IP address by leveraging knowledge of the CM MAC address. |
664 | CVE-2017-9486 | 200 | | +Info | 2017-07-31 | 2017-08-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors. |
665 | CVE-2017-9485 | | | | 2017-07-31 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leveraging the device's operation in UI dev mode. |
666 | CVE-2017-9484 | 200 | | +Info | 2017-07-31 | 2017-08-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations. |
667 | CVE-2017-9483 | 78 | | | 2017-07-31 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. |
668 | CVE-2017-9482 | 732 | | | 2017-07-31 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. |
669 | CVE-2017-9481 | | | | 2017-07-31 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network. |
670 | CVE-2017-9480 | 200 | | +Info | 2017-07-31 | 2017-08-02 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/. |
671 | CVE-2017-9479 | 732 | | Exec Code | 2017-07-31 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. |
672 | CVE-2017-9478 | 200 | | +Info | 2017-07-31 | 2017-08-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname. |
673 | CVE-2017-9477 | 200 | | +Info | 2017-07-31 | 2017-08-03 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot. |
674 | CVE-2017-9476 | 200 | | +Info | 2017-07-31 | 2021-09-13 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. |
675 | CVE-2017-9475 | 287 | | | 2017-07-31 | 2017-08-08 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address. |
676 | CVE-2017-9457 | 20 | | | 2017-07-25 | 2017-08-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS. |
677 | CVE-2017-9415 | 352 | | CSRF | 2017-07-21 | 2017-07-25 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in Subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. |
678 | CVE-2017-9413 | 352 | | CSRF | 2017-07-25 | 2017-07-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. |
679 | CVE-2017-9412 | 119 | | DoS Overflow | 2017-07-27 | 2017-08-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. |
680 | CVE-2017-9411 | 119 | | DoS Overflow | 2017-07-27 | 2017-08-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. |
681 | CVE-2017-9410 | 119 | | DoS Overflow | 2017-07-27 | 2017-08-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. |
682 | CVE-2017-9340 | | | | 2017-07-17 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
An attacker who is logged in as a normal user can somehow make an admin delete shared folders in ownCloud Server before 10.0.2. |
683 | CVE-2017-9339 | 200 | | +Info | 2017-07-17 | 2017-08-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars, thus potentially granting an attacker access to publicly shared calendars without knowing the share token. |
684 | CVE-2017-9338 | 79 | | XSS | 2017-07-17 | 2017-07-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Inadequate escaping leads to an XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable, a user has to write or paste malicious content into the search dialogue. |
685 | CVE-2017-9313 | 79 | | XSS | 2017-07-04 | 2017-07-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. |
686 | CVE-2017-9260 | 125 | | DoS | 2017-07-27 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. |
687 | CVE-2017-9259 | 400 | | DoS | 2017-07-27 | 2017-08-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. |
688 | CVE-2017-9258 | 835 | | DoS | 2017-07-27 | 2019-10-03 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. |
689 | CVE-2017-9248 | 522 | | XSS | 2017-07-03 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. |
690 | CVE-2017-9245 | 200 | | +Info | 2017-07-19 | 2019-03-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. |
691 | CVE-2017-9233 | 611 | | | 2017-07-25 | 2021-06-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. |
692 | CVE-2017-8932 | 682 | | | 2017-07-06 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. |
693 | CVE-2017-8919 | | | +Info | 2017-07-25 | 2021-05-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. |
694 | CVE-2017-8896 | 79 | | XSS | 2017-07-17 | 2018-06-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 is vulnerable to XSS on error pages through code injected into URL parameters. |
695 | CVE-2017-8894 | 444 | | Exec Code | 2017-07-02 | 2017-07-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code on the machine. |
696 | CVE-2017-8893 | 119 | | DoS Overflow | 2017-07-02 | 2017-07-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. |
697 | CVE-2017-8870 | 119 | | Exec Code Overflow | 2017-07-27 | 2017-08-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. |
698 | CVE-2017-8869 | 119 | | Exec Code Overflow | 2017-07-27 | 2017-08-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. |
699 | CVE-2017-8826 | 119 | | Overflow | 2017-07-05 | 2021-03-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. |
700 | CVE-2017-8803 | 119 | | Exec Code Overflow | 2017-07-05 | 2021-09-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands. |