| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 251 | CVE-2017-15569 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
| 252 | CVE-2017-15568 | 79 | | XSS | 2017-10-18 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
| 253 | CVE-2017-15567 | | | +Priv | 2017-10-23 | 2021-06-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK.
| 254 | CVE-2017-15565 | 476 | | | 2017-10-17 | 2019-03-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
| 255 | CVE-2017-15539 | 89 | | Sql | 2017-10-17 | 2017-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
| 256 | CVE-2017-15385 | 119 | | DoS Overflow | 2017-10-16 | 2017-10-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.
| 257 | CVE-2017-15384 | 79 | | XSS | 2017-10-16 | 2017-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.
| 258 | CVE-2017-15383 | 428 | | | 2017-10-16 | 2017-11-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.
| 259 | CVE-2017-15381 | 89 | | Sql | 2017-10-23 | 2017-10-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
| 260 | CVE-2017-15380 | 79 | | XSS | 2017-10-23 | 2017-10-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
| 261 | CVE-2017-15379 | 89 | | Sql Bypass | 2017-10-23 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
| 262 | CVE-2017-15378 | 89 | | Sql | 2017-10-23 | 2017-10-31 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
| 263 | CVE-2017-15377 | | | | 2017-10-23 | 2020-10-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
| 264 | CVE-2017-15376 | 94 | | Exec Code | 2017-10-16 | 2020-07-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
| 265 | CVE-2017-15375 | 79 | | XSS | 2017-10-16 | 2017-11-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.
| 266 | CVE-2017-15374 | 79 | | Exec Code +Priv XSS | 2017-10-16 | 2018-01-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.
| 267 | CVE-2017-15373 | 89 | | Sql | 2017-10-16 | 2017-10-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
| 268 | CVE-2017-15372 | 119 | | DoS Overflow | 2017-10-16 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.
| 269 | CVE-2017-15371 | 617 | | DoS | 2017-10-16 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.
| 270 | CVE-2017-15370 | 119 | | DoS Overflow | 2017-10-16 | 2021-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.
| 271 | CVE-2017-15369 | 416 | | DoS | 2017-10-16 | 2017-11-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
| 272 | CVE-2017-15368 | 125 | | DoS | 2017-10-16 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.
| 273 | CVE-2017-15366 | 532 | | | 2017-10-26 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
| 274 | CVE-2017-15364 | 415 | | DoS | 2017-10-15 | 2017-11-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.
| 275 | CVE-2017-15363 | 22 | | Dir. Trav. | 2017-10-15 | 2021-04-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.
| 276 | CVE-2017-15362 | 79 | | Exec Code XSS Bypass CSRF | 2017-10-16 | 2017-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.
| 277 | CVE-2017-15361 | | | | 2017-10-16 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
| 278 | CVE-2017-15359 | 22 | | Dir. Trav. | 2017-10-18 | 2017-11-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
| 279 | CVE-2017-15305 | 79 | | XSS | 2017-10-15 | 2017-10-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
| 280 | CVE-2017-15304 | 384 | | | 2017-10-15 | 2017-11-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change.
| 281 | CVE-2017-15303 | 787 | | | 2017-10-16 | 2017-11-07 | 4.3 | None | Local | Low | ??? | Partial | Partial | Partial |
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).
| 282 | CVE-2017-15302 | | | +Info | 2017-10-16 | 2020-08-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.
| 283 | CVE-2017-15300 | | | DoS | 2017-10-15 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port.
| 284 | CVE-2017-15299 | 476 | | DoS | 2017-10-14 | 2018-10-30 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
| 285 | CVE-2017-15298 | 400 | | DoS | 2017-10-14 | 2020-05-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
| 286 | CVE-2017-15297 | 287 | | | 2017-10-16 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
| 287 | CVE-2017-15296 | 352 | | CSRF | 2017-10-16 | 2018-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
| 288 | CVE-2017-15295 | 287 | | | 2017-10-16 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
| 289 | CVE-2017-15294 | 79 | | XSS | 2017-10-16 | 2019-04-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
| 290 | CVE-2017-15293 | 287 | | | 2017-10-16 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
| 291 | CVE-2017-15291 | 79 | | XSS | 2017-10-20 | 2017-11-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
| 292 | CVE-2017-15290 | 319 | | | 2017-10-12 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.
| 293 | CVE-2017-15287 | 79 | | XSS | 2017-10-12 | 2017-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
| 294 | CVE-2017-15286 | 476 | | | 2017-10-12 | 2017-10-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
| 295 | CVE-2017-15285 | 20 | | Exec Code | 2017-10-12 | 2017-11-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
| 296 | CVE-2017-15281 | 119 | | DoS Overflow | 2017-10-12 | 2020-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
| 297 | CVE-2017-15280 | 611 | | +Info | 2017-10-12 | 2017-10-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
| 298 | CVE-2017-15277 | 200 | | +Info | 2017-10-12 | 2018-10-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
| 299 | CVE-2017-15276 | 22 | | +Priv Dir. Trav. | 2017-10-13 | 2017-11-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
| 300 | CVE-2017-15274 | 476 | | DoS | 2017-10-12 | 2018-03-16 | 4.9 | None | Local | Low | Not required | None | None | Complete |
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.