| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2017-8934 |
20 |
|
DoS |
2017-05-15 |
2017-05-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). |
|
202 |
CVE-2017-8933 |
20 |
|
DoS |
2017-05-15 |
2017-05-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). |
|
203 |
CVE-2017-8930 |
352 |
|
CSRF |
2017-05-14 |
2017-05-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules. |
|
204 |
CVE-2017-8929 |
416 |
|
DoS |
2017-05-14 |
2017-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. |
|
205 |
CVE-2017-8928 |
352 |
|
CSRF |
2017-05-14 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. |
|
206 |
CVE-2017-8927 |
119 |
|
DoS Overflow |
2017-05-15 |
2021-04-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. |
|
207 |
CVE-2017-8926 |
119 |
|
DoS Overflow |
2017-05-15 |
2017-05-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. |
|
208 |
CVE-2017-8925 |
404 |
|
DoS |
2017-05-12 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. |
|
209 |
CVE-2017-8924 |
191 |
|
+Info |
2017-05-12 |
2019-04-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. |
|
210 |
CVE-2017-8923 |
20 |
|
DoS |
2017-05-12 |
2019-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. |
|
211 |
CVE-2017-8921 |
22 |
|
Dir. Trav. |
2017-05-12 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. |
|
212 |
CVE-2017-8917 |
89 |
|
Exec Code Sql |
2017-05-17 |
2019-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. |
|
213 |
CVE-2017-8915 |
617 |
|
DoS |
2017-05-23 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. |
|
214 |
CVE-2017-8914 |
|
|
|
2017-05-23 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. |
|
215 |
CVE-2017-8913 |
611 |
|
|
2017-05-23 |
2021-04-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. |
|
216 |
CVE-2017-8912 |
94 |
|
Exec Code |
2017-05-12 |
2017-08-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." |
|
217 |
CVE-2017-8911 |
191 |
|
|
2017-05-12 |
2017-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. |
|
218 |
CVE-2017-8908 |
125 |
|
DoS |
2017-05-12 |
2017-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. |
|
219 |
CVE-2017-8906 |
191 |
|
DoS |
2017-05-11 |
2020-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding. |
|
220 |
CVE-2017-8905 |
682 |
|
Exec Code |
2017-05-11 |
2019-10-03 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. |
|
221 |
CVE-2017-8904 |
|
|
Exec Code |
2017-05-11 |
2019-10-03 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214. |
|
222 |
CVE-2017-8903 |
|
|
Exec Code |
2017-05-11 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. |
|
223 |
CVE-2017-8900 |
|
|
Bypass |
2017-05-12 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session. |
|
224 |
CVE-2017-8899 |
79 |
|
XSS |
2017-05-11 |
2020-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation. |
|
225 |
CVE-2017-8898 |
79 |
|
XSS |
2017-05-11 |
2020-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. |
|
226 |
CVE-2017-8897 |
79 |
|
XSS |
2017-05-11 |
2020-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. |
|
227 |
CVE-2017-8895 |
416 |
|
DoS Exec Code |
2017-05-10 |
2021-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on. |
|
228 |
CVE-2017-8892 |
79 |
|
XSS |
2017-05-10 |
2017-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. |
|
229 |
CVE-2017-8891 |
1187 |
|
|
2017-05-10 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. |
|
230 |
CVE-2017-8890 |
415 |
|
DoS |
2017-05-10 |
2018-08-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. |
|
231 |
CVE-2017-8879 |
287 |
|
|
2017-05-10 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. |
|
232 |
CVE-2017-8878 |
200 |
|
+Info |
2017-05-10 |
2017-05-16 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. |
|
233 |
CVE-2017-8877 |
200 |
|
+Info |
2017-05-10 |
2017-05-16 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. |
|
234 |
CVE-2017-8876 |
79 |
|
XSS |
2017-05-10 |
2020-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. |
|
235 |
CVE-2017-8875 |
352 |
|
CSRF |
2017-05-10 |
2017-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. |
|
236 |
CVE-2017-8874 |
352 |
|
CSRF |
2017-05-10 |
2021-01-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. |
|
237 |
CVE-2017-8872 |
125 |
|
DoS |
2017-05-10 |
2020-09-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. |
|
238 |
CVE-2017-8868 |
22 |
|
Dir. Trav. CSRF |
2017-05-10 |
2017-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. |
|
239 |
CVE-2017-8859 |
|
|
Exec Code |
2017-05-09 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. |
|
240 |
CVE-2017-8858 |
732 |
|
|
2017-05-09 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. |
|
241 |
CVE-2017-8857 |
732 |
|
Exec Code |
2017-05-09 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. |
|
242 |
CVE-2017-8856 |
732 |
|
Exec Code |
2017-05-09 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. |
|
243 |
CVE-2017-8855 |
|
|
|
2017-05-09 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. |
|
244 |
CVE-2017-8854 |
119 |
|
Overflow |
2017-05-09 |
2017-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. |
|
245 |
CVE-2017-8853 |
22 |
|
Dir. Trav. |
2017-05-09 |
2017-05-17 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. |
|
246 |
CVE-2017-8852 |
119 |
|
Overflow |
2017-05-10 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. |
|
247 |
CVE-2017-8851 |
319 |
|
|
2017-05-11 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA. |
|
248 |
CVE-2017-8850 |
319 |
|
|
2017-05-11 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off). |
|
249 |
CVE-2017-8849 |
20 |
|
+Priv |
2017-05-17 |
2019-03-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. |
|
250 |
CVE-2017-8848 |
352 |
|
CSRF |
2017-05-08 |
2020-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. |
