# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

251 | CVE-2017-15593 | 772 | | DoS | 2017-10-18 | 2019-10-03 | 4.9 | None | Local | Low | Not required | None | None | Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.

252 | CVE-2017-15592 | 668 | | DoS +Priv | 2017-10-18 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

253 | CVE-2017-15591 | 20 | | DoS | 2017-10-18 | 2018-01-16 | 4.9 | None | Local | Low | Not required | None | None | Complete
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.

254 | CVE-2017-15590 | | | DoS +Priv | 2017-10-18 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.

255 | CVE-2017-15589 | 200 | | +Info | 2017-10-18 | 2018-10-19 | 2.1 | None | Local | Low | Not required | Partial | None | None
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.

256 | CVE-2017-15588 | 362 | | Exec Code | 2017-10-18 | 2018-10-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.

257 | CVE-2017-15587 | 190 | | Overflow | 2017-10-18 | 2018-11-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.

258 | CVE-2017-15583 | 200 | | +Info File Inclusion | 2017-10-18 | 2017-11-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.

259 | CVE-2017-15582 | 798 | | | 2017-10-27 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

260 | CVE-2017-15581 | 311 | | +Info | 2017-10-27 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.

261 | CVE-2017-15580 | 434 | | | 2017-10-23 | 2019-03-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.

262 | CVE-2017-15579 | 89 | | Sql | 2017-10-18 | 2017-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.

263 | CVE-2017-15578 | 89 | | Sql | 2017-10-18 | 2017-11-08 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.

264 | CVE-2017-15577 | 200 | | +Info | 2017-10-18 | 2019-03-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.

265 | CVE-2017-15576 | 200 | | +Info | 2017-10-18 | 2019-03-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.

266 | CVE-2017-15575 | | | +Info | 2017-10-18 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.

267 | CVE-2017-15574 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.

268 | CVE-2017-15573 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.

269 | CVE-2017-15572 | 532 | | +Info | 2017-10-18 | 2019-03-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.

270 | CVE-2017-15571 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.

271 | CVE-2017-15570 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

272 | CVE-2017-15569 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.

273 | CVE-2017-15568 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.

274 | CVE-2017-15567 | | | +Priv | 2017-10-23 | 2021-06-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK.

275 | CVE-2017-15565 | 476 | | | 2017-10-17 | 2019-03-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

276 | CVE-2017-15539 | 89 | | Sql | 2017-10-17 | 2017-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.

277 | CVE-2017-15538 | 79 | | +Priv XSS | 2017-10-17 | 2018-06-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

278 | CVE-2017-15537 | 200 | | +Info | 2017-10-17 | 2018-01-13 | 2.1 | None | Local | Low | Not required | Partial | None | None
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.

279 | CVE-2017-15385 | 119 | | DoS Overflow | 2017-10-16 | 2017-10-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.

280 | CVE-2017-15384 | 79 | | XSS | 2017-10-16 | 2017-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.

281 | CVE-2017-15383 | 428 | | | 2017-10-16 | 2017-11-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.

282 | CVE-2017-15381 | 89 | | Sql | 2017-10-23 | 2017-10-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).

283 | CVE-2017-15380 | 79 | | XSS | 2017-10-23 | 2017-10-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.

284 | CVE-2017-15379 | 89 | | Sql Bypass | 2017-10-23 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

285 | CVE-2017-15378 | 89 | | Sql | 2017-10-23 | 2017-10-31 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).

286 | CVE-2017-15377 | | | | 2017-10-23 | 2020-10-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).

287 | CVE-2017-15376 | 94 | | Exec Code | 2017-10-16 | 2020-07-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.

288 | CVE-2017-15375 | 79 | | XSS | 2017-10-16 | 2017-11-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.

289 | CVE-2017-15374 | 79 | | Exec Code +Priv XSS | 2017-10-16 | 2018-01-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.

290 | CVE-2017-15373 | 89 | | Sql | 2017-10-16 | 2017-10-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).

291 | CVE-2017-15372 | 119 | | DoS Overflow | 2017-10-16 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.

292 | CVE-2017-15371 | 617 | | DoS | 2017-10-16 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.

293 | CVE-2017-15370 | 119 | | DoS Overflow | 2017-10-16 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.

294 | CVE-2017-15369 | 416 | | DoS | 2017-10-16 | 2017-11-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.

295 | CVE-2017-15368 | 125 | | DoS | 2017-10-16 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.

296 | CVE-2017-15366 | 532 | | | 2017-10-26 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.

297 | CVE-2017-15364 | 415 | | DoS | 2017-10-15 | 2017-11-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.

298 | CVE-2017-15363 | 22 | | Dir. Trav. | 2017-10-15 | 2021-04-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

299 | CVE-2017-15362 | 79 | | Exec Code XSS Bypass CSRF | 2017-10-16 | 2017-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.

300 | CVE-2017-15361 | | | | 2017-10-16 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.