| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 | CVE-2017-1000134 | 732 | | | 2017-11-03 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. |
| 102 | CVE-2017-1000133 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. |
| 103 | CVE-2017-1000132 | 79 | | Exec Code XSS | 2017-11-03 | 2017-11-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file. |
| 104 | CVE-2017-1000131 | 613 | | | 2017-11-03 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. |
| 105 | CVE-2017-1000129 | 89 | | Sql | 2017-11-17 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure |
| 106 | CVE-2017-1000128 | 125 | | | 2017-11-17 | 2017-11-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser |
| 107 | CVE-2017-1000127 | 119 | | Overflow | 2017-11-17 | 2017-11-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Exiv2 0.26 contains a heap buffer overflow in tiff parser |
| 108 | CVE-2017-1000126 | 125 | | | 2017-11-17 | 2020-04-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | exiv2 0.26 contains a Stack out of bounds read in webp parser |
| 109 | CVE-2017-1000125 | 732 | | | 2017-11-17 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. |
| 110 | CVE-2017-1000122 | 20 | | DoS | 2017-11-01 | 2017-11-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. |
| 111 | CVE-2017-1000121 | 190 | | Overflow | 2017-11-01 | 2017-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. |
| 112 | CVE-2017-17081 | 125 | | DoS | 2017-11-30 | 2021-01-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. |
| 113 | CVE-2017-17080 | 125 | | DoS | 2017-11-30 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. |
| 114 | CVE-2017-17067 | 863 | | Bypass | 2017-11-30 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. |
| 115 | CVE-2017-17065 | 20 | | DoS | 2017-11-30 | 2017-12-20 | 7.8 | None | Remote | Low | Not required | None | None | Complete | An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. |
| 116 | CVE-2017-17059 | 79 | | XSS | 2017-11-29 | 2017-12-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. |
| 117 | CVE-2017-17058 | 22 | | Dir. Trav. | 2017-11-29 | 2019-04-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code. |
| 118 | CVE-2017-17054 | 369 | | | 2017-11-29 | 2017-12-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. |
| 119 | CVE-2017-17053 | 416 | | | 2017-11-29 | 2018-12-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y. |
| 120 | CVE-2017-17052 | 416 | | | 2017-11-29 | 2017-12-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. |
| 121 | CVE-2017-17050 | 476 | | DoS | 2017-11-29 | 2017-12-15 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt. |
| 122 | CVE-2017-17049 | 476 | | DoS | 2017-11-29 | 2017-12-15 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt. |
| 123 | CVE-2017-17046 | 200 | | +Info | 2017-11-28 | 2018-10-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. |
| 124 | CVE-2017-17045 | 416 | | DoS +Priv +Info | 2017-11-28 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. |
| 125 | CVE-2017-17044 | 754 | | DoS | 2017-11-28 | 2019-10-03 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. |
| 126 | CVE-2017-17043 | 79 | | XSS | 2017-11-28 | 2017-12-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. |
| 127 | CVE-2017-17042 | 22 | | Dir. Trav. | 2017-11-28 | 2017-12-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. |
| 128 | CVE-2017-16994 | 200 | | +Info | 2017-11-27 | 2018-04-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. |
| 129 | CVE-2017-16962 | 79 | | XSS | 2017-11-27 | 2017-12-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. |
| 130 | CVE-2017-16961 | 89 | | Sql +Info | 2017-11-27 | 2017-12-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. |
| 131 | CVE-2017-16960 | 78 | | Exec Code | 2017-11-27 | 2019-10-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. |
| 132 | CVE-2017-16959 | 22 | | Dir. Trav. | 2017-11-27 | 2017-12-14 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. |
| 133 | CVE-2017-16958 | 78 | | Exec Code | 2017-11-27 | 2019-10-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. |
| 134 | CVE-2017-16957 | 78 | | Exec Code | 2017-11-27 | 2019-10-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. |
| 135 | CVE-2017-16956 | 79 | | XSS | 2017-11-27 | 2017-12-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. |
| 136 | CVE-2017-16955 | 89 | | Exec Code Sql | 2017-11-27 | 2017-12-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. |
| 137 | CVE-2017-16952 | 20 | | DoS | 2017-11-28 | 2017-12-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. |
| 138 | CVE-2017-16951 | 20 | | DoS | 2017-11-28 | 2021-09-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. |
| 139 | CVE-2017-16948 | 476 | | DoS | 2017-11-26 | 2017-12-15 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoControl request to \\.\Viragtlt. |
| 140 | CVE-2017-16946 | 532 | | | 2017-11-25 | 2017-12-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. |
| 141 | CVE-2017-16944 | 835 | | DoS | 2017-11-25 | 2021-05-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. |
| 142 | CVE-2017-16943 | 416 | | DoS Exec Code | 2017-11-25 | 2021-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. |
| 143 | CVE-2017-16942 | 369 | | | 2017-11-25 | 2019-06-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. |
| 144 | CVE-2017-16941 | 434 | | Exec Code | 2017-11-25 | 2017-12-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | ** DISPUTED ** October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering." |
| 145 | CVE-2017-16939 | 416 | | DoS +Priv | 2017-11-24 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. |
| 146 | CVE-2017-16938 | 119 | | Overflow | 2017-11-24 | 2018-02-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file. |
| 147 | CVE-2017-16936 | 22 | | Dir. Trav. | 2017-11-24 | 2017-12-12 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. |
| 148 | CVE-2017-16935 | 20 | | Bypass | 2017-11-24 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request. |
| 149 | CVE-2017-16934 | 78 | | Exec Code | 2017-11-24 | 2017-12-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter. |
| 150 | CVE-2017-16933 | 732 | | +Priv | 2017-11-24 | 2019-10-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. |