| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2017-6955 |
20 |
|
|
2017-03-17 |
2021-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack. |
|
102 |
CVE-2017-6954 |
269 |
|
|
2017-03-17 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. |
|
103 |
CVE-2017-6952 |
190 |
|
DoS Overflow |
2017-03-16 |
2017-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or possibly have unspecified other impact via a large value. |
|
104 |
CVE-2017-6951 |
476 |
|
DoS |
2017-03-16 |
2018-01-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. |
|
105 |
CVE-2017-6950 |
732 |
|
Exec Code Bypass |
2017-03-23 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. |
|
106 |
CVE-2017-6949 |
119 |
|
Overflow |
2017-03-16 |
2017-04-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow. |
|
107 |
CVE-2017-6918 |
352 |
|
CSRF |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed. |
|
108 |
CVE-2017-6917 |
352 |
|
CSRF |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed. |
|
109 |
CVE-2017-6916 |
352 |
|
CSRF |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed. |
|
110 |
CVE-2017-6915 |
352 |
|
CSRF |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed. |
|
111 |
CVE-2017-6914 |
352 |
|
CSRF |
2017-03-15 |
2017-03-16 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted. |
|
112 |
CVE-2017-6911 |
922 |
|
|
2017-03-23 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack. |
|
113 |
CVE-2017-6909 |
79 |
|
Exec Code XSS |
2017-03-15 |
2017-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
114 |
CVE-2017-6908 |
79 |
|
Exec Code XSS |
2017-03-15 |
2017-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
115 |
CVE-2017-6907 |
79 |
|
Exec Code XSS |
2017-03-15 |
2017-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
116 |
CVE-2017-6906 |
79 |
|
Exec Code XSS |
2017-03-15 |
2017-06-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
117 |
CVE-2017-6905 |
79 |
|
Exec Code XSS |
2017-03-15 |
2017-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
118 |
CVE-2017-6903 |
|
|
|
2017-03-14 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as native code DLLs. A malicious auto-downloaded file can contain configuration defaults that override the user's. Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape. |
|
119 |
CVE-2017-6902 |
434 |
|
|
2017-03-14 |
2017-03-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in 'file upload' modules in b2evolution 6.8.8 allows authenticated users to upload malicious code (shell) by visiting the admin.php?ctrl=files page, even though the system has restricted the .php extension. |
|
120 |
CVE-2017-6896 |
565 |
|
|
2017-03-14 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. |
|
121 |
CVE-2017-6895 |
611 |
|
|
2017-03-23 |
2017-03-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. |
|
122 |
CVE-2017-6883 |
125 |
|
DoS Exec Code |
2017-03-14 |
2019-10-03 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. |
|
123 |
CVE-2017-6880 |
119 |
|
DoS Overflow |
2017-03-17 |
2017-03-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. |
|
124 |
CVE-2017-6878 |
79 |
|
XSS |
2017-03-27 |
2017-03-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. |
|
125 |
CVE-2017-6877 |
79 |
|
XSS |
2017-03-14 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. |
|
126 |
CVE-2017-6874 |
362 |
|
DoS |
2017-03-14 |
2017-03-16 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. |
|
127 |
CVE-2017-6864 |
79 |
|
XSS |
2017-03-29 |
2017-07-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. |
|
128 |
CVE-2017-6852 |
119 |
|
Overflow |
2017-03-15 |
2019-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. |
|
129 |
CVE-2017-6851 |
125 |
|
DoS |
2017-03-15 |
2019-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. |
|
130 |
CVE-2017-6850 |
476 |
|
DoS |
2017-03-15 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. |
|
131 |
CVE-2017-6849 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
132 |
CVE-2017-6848 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
133 |
CVE-2017-6847 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
134 |
CVE-2017-6846 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
135 |
CVE-2017-6845 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
136 |
CVE-2017-6844 |
119 |
|
Overflow |
2017-03-15 |
2017-03-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. |
|
137 |
CVE-2017-6843 |
119 |
|
Overflow |
2017-03-15 |
2017-03-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. |
|
138 |
CVE-2017-6842 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
139 |
CVE-2017-6841 |
476 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. |
|
140 |
CVE-2017-6840 |
125 |
|
DoS |
2017-03-15 |
2017-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. |
|
141 |
CVE-2017-6839 |
190 |
|
DoS Overflow |
2017-03-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
142 |
CVE-2017-6838 |
190 |
|
DoS Overflow |
2017-03-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
143 |
CVE-2017-6837 |
20 |
|
DoS |
2017-03-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. |
|
144 |
CVE-2017-6836 |
119 |
|
DoS Overflow |
2017-03-20 |
2021-02-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
145 |
CVE-2017-6835 |
369 |
|
DoS |
2017-03-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. |
|
146 |
CVE-2017-6834 |
119 |
|
DoS Overflow |
2017-03-20 |
2021-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
147 |
CVE-2017-6833 |
369 |
|
DoS |
2017-03-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. |
|
148 |
CVE-2017-6832 |
119 |
|
DoS Overflow |
2017-03-20 |
2021-02-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
149 |
CVE-2017-6831 |
119 |
|
DoS Overflow |
2017-03-20 |
2021-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
150 |
CVE-2017-6830 |
119 |
|
DoS Overflow |
2017-03-20 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. |
