| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1101 |
CVE-2017-2131 |
200 |
|
Bypass +Info |
2017-10-20 |
2017-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. |
|
1102 |
CVE-2017-1583 |
200 |
|
+Info |
2017-10-24 |
2017-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. |
|
1103 |
CVE-2017-1569 |
|
|
DoS |
2017-10-03 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. |
|
1104 |
CVE-2017-1541 |
20 |
|
|
2017-10-04 |
2017-11-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. |
|
1105 |
CVE-2017-1538 |
200 |
|
+Info |
2017-10-10 |
2017-10-23 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. |
|
1106 |
CVE-2017-1523 |
306 |
|
|
2017-10-24 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. |
|
1107 |
CVE-2017-1522 |
79 |
|
XSS |
2017-10-05 |
2017-10-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. |
|
1108 |
CVE-2017-1521 |
79 |
|
XSS |
2017-10-26 |
2017-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. |
|
1109 |
CVE-2017-1503 |
79 |
|
XSS Http R.Spl. +Info |
2017-10-10 |
2017-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. |
|
1110 |
CVE-2017-1429 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. |
|
1111 |
CVE-2017-1375 |
326 |
|
|
2017-10-24 |
2017-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. |
|
1112 |
CVE-2017-1369 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862. |
|
1113 |
CVE-2017-1364 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857. |
|
1114 |
CVE-2017-1363 |
79 |
|
XSS |
2017-10-25 |
2017-11-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856. |
|
1115 |
CVE-2017-1359 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686. |
|
1116 |
CVE-2017-1345 |
79 |
|
XSS |
2017-10-03 |
2017-10-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460. |
|
1117 |
CVE-2017-1335 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243. |
|
1118 |
CVE-2017-1334 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242. |
|
1119 |
CVE-2017-1324 |
79 |
|
XSS |
2017-10-03 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. |
|
1120 |
CVE-2017-1311 |
89 |
|
Sql |
2017-10-03 |
2017-10-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. |
|
1121 |
CVE-2017-1301 |
59 |
|
|
2017-10-05 |
2017-10-25 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. |
|
1122 |
CVE-2017-1295 |
200 |
|
+Info |
2017-10-25 |
2017-11-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. |
|
1123 |
CVE-2017-1241 |
200 |
|
+Info |
2017-10-25 |
2017-11-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. |
|
1124 |
CVE-2017-1232 |
319 |
|
|
2017-10-26 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911. |
|
1125 |
CVE-2017-1230 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909. |
|
1126 |
CVE-2017-1228 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907. |
|
1127 |
CVE-2017-1226 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905. |
|
1128 |
CVE-2017-1225 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904. |
|
1129 |
CVE-2017-1222 |
287 |
|
|
2017-10-26 |
2017-10-31 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862. |
|
1130 |
CVE-2017-1220 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. |
|
1131 |
CVE-2017-1212 |
|
|
DoS |
2017-10-24 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. |
|
1132 |
CVE-2017-1210 |
20 |
|
|
2017-10-24 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. |
|
1133 |
CVE-2017-1209 |
79 |
|
XSS |
2017-10-24 |
2017-10-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. |
|
1134 |
CVE-2017-1169 |
79 |
|
XSS |
2017-10-25 |
2017-11-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. |
|
1135 |
CVE-2017-1164 |
79 |
|
XSS |
2017-10-25 |
2017-11-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036. |
|
1136 |
CVE-2017-1126 |
200 |
|
+Info |
2017-10-04 |
2017-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. |
|
1137 |
CVE-2017-0903 |
502 |
|
Exec Code Bypass |
2017-10-11 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. |
|
1138 |
CVE-2017-0829 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044. |
|
1139 |
CVE-2017-0828 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855. |
|
1140 |
CVE-2017-0827 |
|
|
|
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872. |
|
1141 |
CVE-2017-0826 |
|
|
|
2017-10-04 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781. |
|
1142 |
CVE-2017-0825 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. |
|
1143 |
CVE-2017-0824 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001. |
|
1144 |
CVE-2017-0823 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. |
|
1145 |
CVE-2017-0822 |
|
|
|
2017-10-04 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. |
|
1146 |
CVE-2017-0820 |
|
|
|
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433. |
|
1147 |
CVE-2017-0819 |
682 |
|
|
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. |
|
1148 |
CVE-2017-0818 |
772 |
|
|
2017-10-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671. |
|
1149 |
CVE-2017-0817 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430. |
|
1150 |
CVE-2017-0816 |
200 |
|
+Info |
2017-10-04 |
2017-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938. |
