CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2017-1000134 732 2017-11-03 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
102 CVE-2017-1000133 200 +Info 2017-11-03 2017-11-13
5.0
None Remote Low Not required Partial None None
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
103 CVE-2017-1000132 79 Exec Code XSS 2017-11-03 2017-11-15
3.5
None Remote Medium ??? None Partial None
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
104 CVE-2017-1000131 613 2017-11-03 2019-10-03
4.0
None Remote Low ??? None Partial None
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
105 CVE-2017-1000129 89 Sql 2017-11-17 2017-11-29
5.0
None Remote Low Not required Partial None None
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
106 CVE-2017-1000128 125 2017-11-17 2017-11-29
4.3
None Remote Medium Not required None None Partial
Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser
107 CVE-2017-1000127 119 Overflow 2017-11-17 2017-11-29
4.3
None Remote Medium Not required None None Partial
Exiv2 0.26 contains a heap buffer overflow in tiff parser
108 CVE-2017-1000126 125 2017-11-17 2020-04-09
4.3
None Remote Medium Not required None None Partial
exiv2 0.26 contains a Stack out of bounds read in webp parser
109 CVE-2017-1000125 732 2017-11-17 2019-10-03
5.0
None Remote Low Not required None Partial None
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
110 CVE-2017-1000122 20 DoS 2017-11-01 2017-11-21
5.0
None Remote Low Not required None None Partial
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.
111 CVE-2017-1000121 190 Overflow 2017-11-01 2017-11-21
7.5
None Remote Low Not required Partial Partial Partial
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.
112 CVE-2017-17081 125 DoS 2017-11-30 2021-01-05
4.3
None Remote Medium Not required None None Partial
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.
113 CVE-2017-17080 125 DoS 2017-11-30 2019-10-03
4.3
None Remote Medium Not required None None Partial
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
114 CVE-2017-17067 863 Bypass 2017-11-30 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
115 CVE-2017-17065 20 DoS 2017-11-30 2017-12-20
7.8
None Remote Low Not required None None Complete
An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request.
116 CVE-2017-17059 79 XSS 2017-11-29 2017-12-19
4.3
None Remote Medium Not required None Partial None
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
117 CVE-2017-17058 22 Dir. Trav. 2017-11-29 2019-04-17
5.0
None Remote Low Not required Partial None None
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
118 CVE-2017-17054 369 2017-11-29 2017-12-15
4.3
None Remote Medium Not required None None Partial
In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.
119 CVE-2017-17053 416 2017-11-29 2018-12-19
6.9
None Local Medium Not required Complete Complete Complete
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
120 CVE-2017-17052 416 2017-11-29 2017-12-20
7.2
None Local Low Not required Complete Complete Complete
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.
121 CVE-2017-17050 476 DoS 2017-11-29 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.
122 CVE-2017-17049 476 DoS 2017-11-29 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.
123 CVE-2017-17046 200 +Info 2017-11-28 2018-10-19
2.1
None Local Low Not required Partial None None
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
124 CVE-2017-17045 416 DoS +Priv +Info 2017-11-28 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
125 CVE-2017-17044 754 DoS 2017-11-28 2019-10-03
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
126 CVE-2017-17043 79 XSS 2017-11-28 2017-12-15
4.3
None Remote Medium Not required None Partial None
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
127 CVE-2017-17042 22 Dir. Trav. 2017-11-28 2017-12-20
5.0
None Remote Low Not required Partial None None
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
128 CVE-2017-16994 200 +Info 2017-11-27 2018-04-25
2.1
None Local Low Not required Partial None None
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
129 CVE-2017-16962 79 XSS 2017-11-27 2017-12-12
4.3
None Remote Medium Not required None Partial None
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
130 CVE-2017-16961 89 Sql +Info 2017-11-27 2017-12-07
4.0
None Remote Low ??? Partial None None
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
131 CVE-2017-16960 78 Exec Code 2017-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
132 CVE-2017-16959 22 Dir. Trav. 2017-11-27 2017-12-14
4.0
None Remote Low ??? Partial None None
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
133 CVE-2017-16958 78 Exec Code 2017-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
134 CVE-2017-16957 78 Exec Code 2017-11-27 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
135 CVE-2017-16956 79 XSS 2017-11-27 2017-12-07
4.3
None Remote Medium Not required None Partial None
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.
136 CVE-2017-16955 89 Exec Code Sql 2017-11-27 2017-12-07
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.
137 CVE-2017-16952 20 DoS 2017-11-28 2017-12-14
4.3
None Remote Medium Not required None None Partial
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
138 CVE-2017-16951 20 DoS 2017-11-28 2021-09-09
4.3
None Remote Medium Not required None None Partial
Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
139 CVE-2017-16948 476 DoS 2017-11-26 2017-12-15
4.6
None Local Low Not required Partial Partial Partial
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoControl request to \\.\Viragtlt.
140 CVE-2017-16946 532 2017-11-25 2017-12-07
4.0
None Remote Low ??? Partial None None
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
141 CVE-2017-16944 835 DoS 2017-11-25 2021-05-04
5.0
None Remote Low Not required None None Partial
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
142 CVE-2017-16943 416 DoS Exec Code 2017-11-25 2021-05-04
7.5
None Remote Low Not required Partial Partial Partial
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
143 CVE-2017-16942 369 2017-11-25 2019-06-10
4.3
None Remote Medium Not required None None Partial
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
144 CVE-2017-16941 434 Exec Code 2017-11-25 2017-12-20
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering."
145 CVE-2017-16939 416 DoS +Priv 2017-11-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
146 CVE-2017-16938 119 Overflow 2017-11-24 2018-02-04
6.8
None Remote Medium Not required Partial Partial Partial
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.
147 CVE-2017-16936 22 Dir. Trav. 2017-11-24 2017-12-12
3.3
None Local Network Low Not required Partial None None
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.
148 CVE-2017-16935 20 Bypass 2017-11-24 2019-10-03
5.0
None Remote Low Not required Partial None None
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
149 CVE-2017-16934 78 Exec Code 2017-11-24 2017-12-11
10.0
None Remote Low Not required Complete Complete Complete
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.
150 CVE-2017-16933 732 +Priv 2017-11-24 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
Total number of vulnerabilities : 1068   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.