CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2017 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2017-1232 319 2017-10-26 2019-10-03
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.
1052 CVE-2017-1230 200 +Info 2017-10-26 2017-10-31
5.0
None Remote Low Not required Partial None None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909.
1053 CVE-2017-1228 200 +Info 2017-10-26 2017-10-31
4.3
None Remote Medium Not required Partial None None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907.
1054 CVE-2017-1226 200 +Info 2017-10-26 2017-10-31
4.0
None Remote Low ??? Partial None None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905.
1055 CVE-2017-1225 200 +Info 2017-10-26 2017-10-31
5.0
None Remote Low Not required Partial None None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904.
1056 CVE-2017-1222 287 2017-10-26 2017-10-31
6.4
None Remote Low Not required Partial Partial None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.
1057 CVE-2017-1220 200 +Info 2017-10-26 2017-10-31
5.0
None Remote Low Not required Partial None None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860.
1058 CVE-2017-1212 DoS 2017-10-24 2019-10-03
4.3
None Remote Medium Not required None None Partial
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852.
1059 CVE-2017-1210 20 2017-10-24 2017-10-27
5.0
None Remote Low Not required Partial None None
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850.
1060 CVE-2017-1126 200 +Info 2017-10-04 2017-10-13
5.0
None Remote Low Not required Partial None None
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
1061 CVE-2017-0903 502 Exec Code Bypass 2017-10-11 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
1062 CVE-2017-0829 2017-10-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.
1063 CVE-2017-0828 2017-10-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.
1064 CVE-2017-0827 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.
1065 CVE-2017-0826 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.
1066 CVE-2017-0825 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
1067 CVE-2017-0824 2017-10-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.
1068 CVE-2017-0823 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
1069 CVE-2017-0822 2017-10-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.
1070 CVE-2017-0820 2017-10-04 2019-10-03
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.
1071 CVE-2017-0819 682 2017-10-04 2019-10-03
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.
1072 CVE-2017-0818 772 2017-10-04 2019-10-03
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.
1073 CVE-2017-0817 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
1074 CVE-2017-0816 200 +Info 2017-10-04 2017-10-12
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.
1075 CVE-2017-0815 200 +Info 2017-10-04 2017-10-12
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.
1076 CVE-2017-0814 200 +Info 2017-10-04 2019-10-03
7.8
None Remote Low Not required None None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
1077 CVE-2017-0813 772 DoS 2017-10-04 2019-10-03
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.
1078 CVE-2017-0812 125 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.
1079 CVE-2017-0811 Exec Code 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
1080 CVE-2017-0810 119 Exec Code Overflow 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.
1081 CVE-2017-0809 119 Exec Code Overflow 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.
1082 CVE-2017-0808 200 +Info 2017-10-04 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.
1083 CVE-2017-0807 2017-10-04 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
1084 CVE-2017-0806 502 2017-10-04 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.
1085 CVE-2017-0316 20 DoS 2017-10-16 2019-11-07
4.6
None Local Low Not required Partial Partial Partial
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
1086 CVE-2017-0303 459 2017-10-27 2019-10-03
5.0
None Remote Low Not required None None Partial
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.
1087 CVE-2016-10699 79 XSS 2017-10-31 2017-11-18
4.3
None Remote Medium Not required None Partial None
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
1088 CVE-2016-10517 254 2017-10-24 2018-08-08
4.3
None Remote Medium Not required Partial None None
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
1089 CVE-2016-10516 79 XSS 2017-10-23 2018-02-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
1090 CVE-2016-10515 79 XSS 2017-10-18 2017-10-25
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
1091 CVE-2016-10514 284 Bypass 2017-10-10 2017-11-05
4.3
None Remote Medium Not required None Partial None
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
1092 CVE-2016-10513 79 XSS 2017-10-10 2017-10-20
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
1093 CVE-2016-8937 287 2017-10-05 2017-10-25
5.0
None Remote Low Not required Partial None None
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
1094 CVE-2016-8736 502 Exec Code 2017-10-12 2019-03-01
7.5
None Remote Low Not required Partial Partial Partial
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
1095 CVE-2016-8734 400 2017-10-16 2020-10-20
4.0
None Remote Low ??? None None Partial
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
1096 CVE-2016-6815 255 2017-10-13 2017-11-03
4.0
None Remote Low ??? None Partial None
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
1097 CVE-2016-6806 352 CSRF 2017-10-03 2017-10-23
6.8
None Remote Medium Not required Partial Partial Partial
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.
1098 CVE-2016-5791 287 2017-10-13 2017-11-03
10.0
None Remote Low Not required Complete Complete Complete
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
1099 CVE-2016-5789 352 CSRF 2017-10-13 2017-11-03
6.0
None Remote Medium ??? Partial Partial Partial
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
1100 CVE-2016-5714 284 Exec Code Bypass 2017-10-18 2022-01-24
6.5
None Remote Low ??? Partial Partial Partial
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
Total number of vulnerabilities : 1249   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.