| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
901 |
CVE-2017-2111 |
93 |
|
|
2017-04-28 |
2017-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. |
|
902 |
CVE-2017-2110 |
295 |
|
+Info |
2017-04-28 |
2017-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
903 |
CVE-2017-2109 |
200 |
|
+Info |
2017-04-28 |
2017-05-10 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. |
|
904 |
CVE-2017-2108 |
426 |
|
+Priv |
2017-04-28 |
2017-05-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
905 |
CVE-2017-2107 |
426 |
|
+Priv |
2017-04-28 |
2017-05-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
906 |
CVE-2017-2106 |
79 |
|
XSS |
2017-04-28 |
2017-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
907 |
CVE-2017-2105 |
200 |
|
+Info |
2017-04-28 |
2017-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
908 |
CVE-2017-2104 |
200 |
|
+Info |
2017-04-28 |
2017-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
909 |
CVE-2017-2103 |
200 |
|
+Info |
2017-04-28 |
2017-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
910 |
CVE-2017-2102 |
352 |
|
CSRF |
2017-04-28 |
2017-05-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
|
911 |
CVE-2017-2101 |
287 |
|
Bypass |
2017-04-28 |
2017-05-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. |
|
912 |
CVE-2017-2100 |
20 |
|
|
2017-04-28 |
2017-05-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. |
|
913 |
CVE-2017-2099 |
|
|
Exec Code |
2017-04-28 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. |
|
914 |
CVE-2017-2098 |
22 |
|
Dir. Trav. |
2017-04-28 |
2017-05-05 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
|
915 |
CVE-2017-2097 |
352 |
|
CSRF |
2017-04-28 |
2020-04-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
|
916 |
CVE-2017-2096 |
78 |
|
Exec Code |
2017-04-28 |
2020-09-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
|
917 |
CVE-2017-2095 |
|
|
Bypass |
2017-04-28 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. |
|
918 |
CVE-2017-2094 |
269 |
|
Bypass |
2017-04-28 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. |
|
919 |
CVE-2017-2093 |
200 |
|
+Info CSRF |
2017-04-28 |
2017-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. |
|
920 |
CVE-2017-2092 |
79 |
|
XSS |
2017-04-28 |
2017-05-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
921 |
CVE-2017-2091 |
|
|
Bypass |
2017-04-28 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. |
|
922 |
CVE-2017-2090 |
22 |
|
Dir. Trav. |
2017-04-28 |
2017-05-05 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
|
923 |
CVE-2017-1298 |
|
|
DoS |
2017-04-28 |
2017-04-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A denial of service vulnerability has been discovered in 40-GbE network interface modules for IBM Security Network Protection XGS 7100 appliance. IBM X-Force ID: 125160. |
|
924 |
CVE-2017-1274 |
119 |
|
Exec Code Overflow |
2017-04-25 |
2019-05-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. |
|
925 |
CVE-2017-1205 |
|
|
|
2017-04-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741. |
|
926 |
CVE-2017-1194 |
352 |
|
CSRF |
2017-04-28 |
2017-07-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. |
|
927 |
CVE-2017-1180 |
|
|
|
2017-04-05 |
2019-10-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084. |
|
928 |
CVE-2017-1170 |
|
|
|
2017-04-26 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230. |
|
929 |
CVE-2017-1161 |
20 |
|
Exec Code |
2017-04-17 |
2017-04-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. |
|
930 |
CVE-2017-1160 |
79 |
|
XSS |
2017-04-17 |
2017-04-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. |
|
931 |
CVE-2017-1152 |
384 |
|
|
2017-04-14 |
2017-06-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. |
|
932 |
CVE-2017-1149 |
611 |
|
DoS |
2017-04-25 |
2017-05-05 |
7.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Complete |
|
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. |
|
933 |
CVE-2017-1141 |
200 |
|
+Info |
2017-04-28 |
2017-05-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. |
|
934 |
CVE-2017-1122 |
|
|
Exec Code |
2017-04-20 |
2019-10-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. |
|
935 |
CVE-2017-0888 |
20 |
|
|
2017-04-05 |
2017-04-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. |
|
936 |
CVE-2017-0887 |
20 |
|
Bypass |
2017-04-05 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator. |
|
937 |
CVE-2017-0886 |
400 |
|
DoS |
2017-04-05 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service. |
|
938 |
CVE-2017-0885 |
200 |
|
+Info |
2017-04-05 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. |
|
939 |
CVE-2017-0884 |
732 |
|
|
2017-04-05 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. |
|
940 |
CVE-2017-0883 |
732 |
|
|
2017-04-05 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. |
|
941 |
CVE-2017-0586 |
200 |
|
+Info |
2017-04-07 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569. |
|
942 |
CVE-2017-0585 |
200 |
|
+Info |
2017-04-07 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953. |
|
943 |
CVE-2017-0584 |
200 |
|
+Info |
2017-04-07 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32074353. References: QC-CR#1104731. |
|
944 |
CVE-2017-0583 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32068683. References: QC-CR#1103788. |
|
945 |
CVE-2017-0582 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836. |
|
946 |
CVE-2017-0581 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485. |
|
947 |
CVE-2017-0580 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986. |
|
948 |
CVE-2017-0579 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406. |
|
949 |
CVE-2017-0578 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406. |
|
950 |
CVE-2017-0577 |
|
|
Exec Code |
2017-04-07 |
2019-10-03 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951. |
