| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1051 |
CVE-2017-1232 |
319 |
|
|
2017-10-26 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911. |
|
1052 |
CVE-2017-1230 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909. |
|
1053 |
CVE-2017-1228 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907. |
|
1054 |
CVE-2017-1226 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905. |
|
1055 |
CVE-2017-1225 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904. |
|
1056 |
CVE-2017-1222 |
287 |
|
|
2017-10-26 |
2017-10-31 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862. |
|
1057 |
CVE-2017-1220 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. |
|
1058 |
CVE-2017-1212 |
|
|
DoS |
2017-10-24 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. |
|
1059 |
CVE-2017-1210 |
20 |
|
|
2017-10-24 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. |
|
1060 |
CVE-2017-1126 |
200 |
|
+Info |
2017-10-04 |
2017-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. |
|
1061 |
CVE-2017-0903 |
502 |
|
Exec Code Bypass |
2017-10-11 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. |
|
1062 |
CVE-2017-0829 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044. |
|
1063 |
CVE-2017-0828 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855. |
|
1064 |
CVE-2017-0827 |
|
|
|
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872. |
|
1065 |
CVE-2017-0826 |
|
|
|
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781. |
|
1066 |
CVE-2017-0825 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. |
|
1067 |
CVE-2017-0824 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001. |
|
1068 |
CVE-2017-0823 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. |
|
1069 |
CVE-2017-0822 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. |
|
1070 |
CVE-2017-0820 |
|
|
|
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433. |
|
1071 |
CVE-2017-0819 |
682 |
|
|
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. |
|
1072 |
CVE-2017-0818 |
772 |
|
|
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671. |
|
1073 |
CVE-2017-0817 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430. |
|
1074 |
CVE-2017-0816 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938. |
|
1075 |
CVE-2017-0815 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567. |
|
1076 |
CVE-2017-0814 |
200 |
|
+Info |
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140. |
|
1077 |
CVE-2017-0813 |
772 |
|
DoS |
2017-10-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. |
|
1078 |
CVE-2017-0812 |
125 |
|
|
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231. |
|
1079 |
CVE-2017-0811 |
|
|
Exec Code |
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. |
|
1080 |
CVE-2017-0810 |
119 |
|
Exec Code Overflow |
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066. |
|
1081 |
CVE-2017-0809 |
119 |
|
Exec Code Overflow |
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128. |
|
1082 |
CVE-2017-0808 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. |
|
1083 |
CVE-2017-0807 |
|
|
|
2017-10-04 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974. |
|
1084 |
CVE-2017-0806 |
502 |
|
|
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805. |
|
1085 |
CVE-2017-0316 |
20 |
|
DoS |
2017-10-16 |
2019-11-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. |
|
1086 |
CVE-2017-0303 |
459 |
|
|
2017-10-27 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections. |
|
1087 |
CVE-2016-10699 |
79 |
|
XSS |
2017-10-31 |
2017-11-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs. |
|
1088 |
CVE-2016-10517 |
254 |
|
|
2017-10-24 |
2018-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). |
|
1089 |
CVE-2016-10516 |
79 |
|
XSS |
2017-10-23 |
2018-02-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. |
|
1090 |
CVE-2016-10515 |
79 |
|
XSS |
2017-10-18 |
2017-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. |
|
1091 |
CVE-2016-10514 |
284 |
|
Bypass |
2017-10-10 |
2017-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. |
|
1092 |
CVE-2016-10513 |
79 |
|
XSS |
2017-10-10 |
2017-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. |
|
1093 |
CVE-2016-8937 |
287 |
|
|
2017-10-05 |
2017-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. |
|
1094 |
CVE-2016-8736 |
502 |
|
Exec Code |
2017-10-12 |
2019-03-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. |
|
1095 |
CVE-2016-8734 |
400 |
|
|
2017-10-16 |
2020-10-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. |
|
1096 |
CVE-2016-6815 |
255 |
|
|
2017-10-13 |
2017-11-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. |
|
1097 |
CVE-2016-6806 |
352 |
|
CSRF |
2017-10-03 |
2017-10-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed. |
|
1098 |
CVE-2016-5791 |
287 |
|
|
2017-10-13 |
2017-11-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. |
|
1099 |
CVE-2016-5789 |
352 |
|
CSRF |
2017-10-13 |
2017-11-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. |
|
1100 |
CVE-2016-5714 |
284 |
|
Exec Code Bypass |
2017-10-18 |
2022-01-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." |
