| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2017-7648 |
798 |
|
|
2017-04-10 |
2017-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. |
|
202 |
CVE-2017-7647 |
|
|
Exec Code |
2017-04-10 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. |
|
203 |
CVE-2017-7646 |
200 |
|
+Info |
2017-04-10 |
2017-04-17 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. |
|
204 |
CVE-2017-7645 |
20 |
|
DoS |
2017-04-18 |
2018-11-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. |
|
205 |
CVE-2017-7644 |
200 |
|
+Info |
2017-04-29 |
2020-02-17 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541. |
|
206 |
CVE-2017-7643 |
|
|
+Priv |
2017-04-14 |
2021-07-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program. |
|
207 |
CVE-2017-7628 |
89 |
|
Sql |
2017-04-13 |
2017-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). |
|
208 |
CVE-2017-7627 |
|
|
|
2017-04-13 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check). |
|
209 |
CVE-2017-7626 |
79 |
|
XSS |
2017-04-13 |
2017-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). |
|
210 |
CVE-2017-7625 |
94 |
|
Exec Code |
2017-04-10 |
2017-04-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. |
|
211 |
CVE-2017-7624 |
772 |
|
|
2017-04-10 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. |
|
212 |
CVE-2017-7623 |
125 |
|
DoS |
2017-04-10 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. |
|
213 |
CVE-2017-7622 |
862 |
|
|
2017-04-10 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon. |
|
214 |
CVE-2017-7621 |
79 |
|
XSS |
2017-04-11 |
2017-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. |
|
215 |
CVE-2017-7619 |
835 |
|
|
2017-04-10 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. |
|
216 |
CVE-2017-7618 |
835 |
|
DoS |
2017-04-10 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. |
|
217 |
CVE-2017-7617 |
119 |
|
Exec Code Overflow |
2017-04-10 |
2017-04-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. |
|
218 |
CVE-2017-7616 |
388 |
|
+Info |
2017-04-10 |
2018-06-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. |
|
219 |
CVE-2017-7615 |
640 |
|
|
2017-04-16 |
2020-09-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. |
|
220 |
CVE-2017-7614 |
476 |
|
DoS |
2017-04-09 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. |
|
221 |
CVE-2017-7613 |
20 |
|
DoS |
2017-04-09 |
2019-06-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. |
|
222 |
CVE-2017-7612 |
125 |
|
DoS |
2017-04-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
|
223 |
CVE-2017-7611 |
125 |
|
DoS |
2017-04-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
|
224 |
CVE-2017-7610 |
125 |
|
DoS |
2017-04-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
|
225 |
CVE-2017-7609 |
20 |
|
DoS |
2017-04-09 |
2018-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. |
|
226 |
CVE-2017-7608 |
125 |
|
DoS |
2017-04-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
|
227 |
CVE-2017-7607 |
125 |
|
DoS |
2017-04-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. |
|
228 |
CVE-2017-7606 |
20 |
|
DoS |
2017-04-09 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
229 |
CVE-2017-7605 |
617 |
|
DoS |
2017-04-09 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. |
|
230 |
CVE-2017-7604 |
20 |
|
DoS |
2017-04-09 |
2017-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. |
|
231 |
CVE-2017-7603 |
190 |
|
DoS Overflow |
2017-04-09 |
2017-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. |
|
232 |
CVE-2017-7602 |
190 |
|
DoS Overflow |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
233 |
CVE-2017-7601 |
20 |
|
DoS |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
234 |
CVE-2017-7600 |
20 |
|
DoS |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
235 |
CVE-2017-7599 |
20 |
|
DoS |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
236 |
CVE-2017-7598 |
369 |
|
DoS |
2017-04-09 |
2018-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. |
|
237 |
CVE-2017-7597 |
20 |
|
DoS |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
238 |
CVE-2017-7596 |
20 |
|
DoS |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
239 |
CVE-2017-7595 |
369 |
|
DoS |
2017-04-09 |
2018-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. |
|
240 |
CVE-2017-7594 |
772 |
|
DoS |
2017-04-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. |
|
241 |
CVE-2017-7593 |
119 |
|
Overflow +Info |
2017-04-09 |
2018-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. |
|
242 |
CVE-2017-7592 |
20 |
|
DoS |
2017-04-09 |
2018-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. |
|
243 |
CVE-2017-7591 |
79 |
|
XSS |
2017-04-09 |
2017-04-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. |
|
244 |
CVE-2017-7590 |
79 |
|
XSS |
2017-04-09 |
2017-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. |
|
245 |
CVE-2017-7589 |
200 |
|
+Info |
2017-04-09 |
2017-04-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js. |
|
246 |
CVE-2017-7588 |
287 |
|
|
2017-04-12 |
2017-08-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W. |
|
247 |
CVE-2017-7586 |
119 |
|
Overflow |
2017-04-07 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. |
|
248 |
CVE-2017-7585 |
119 |
|
Overflow |
2017-04-07 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. |
|
249 |
CVE-2017-7584 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2017-04-07 |
2017-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file. |
|
250 |
CVE-2017-7583 |
79 |
|
XSS |
2017-04-07 |
2018-06-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ILIAS before 5.2.3 has XSS via SVG documents. |
