CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2017 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2017-17522 74 2017-12-14 2017-12-28
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.
252 CVE-2017-17521 74 2017-12-14 2020-01-13
6.8
None Remote Medium Not required Partial Partial Partial
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.
253 CVE-2017-17520 74 2017-12-14 2017-12-28
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs."
254 CVE-2017-17519 74 2017-12-14 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
255 CVE-2017-17518 74 2017-12-14 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".”
256 CVE-2017-17517 74 2017-12-14 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
257 CVE-2017-17516 74 2017-12-14 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
258 CVE-2017-17515 74 2017-12-14 2018-01-03
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product.
259 CVE-2017-17514 74 2017-12-14 2018-01-02
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.
260 CVE-2017-17513 74 2017-12-14 2018-01-02
6.8
None Remote Medium Not required Partial Partial Partial
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.
261 CVE-2017-17512 74 2017-12-11 2018-03-16
6.8
None Remote Medium Not required Partial Partial Partial
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.
262 CVE-2017-17511 74 2017-12-14 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.
263 CVE-2017-17509 787 2017-12-11 2017-12-19
6.8
None Remote Medium Not required Partial Partial Partial
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
264 CVE-2017-17503 125 2017-12-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
265 CVE-2017-17502 125 2017-12-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
266 CVE-2017-17501 125 2017-12-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
267 CVE-2017-17500 125 2017-12-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
268 CVE-2017-17499 416 2017-12-11 2020-10-28
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
269 CVE-2017-17498 119 DoS Overflow 2017-12-11 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
270 CVE-2017-17497 119 DoS Overflow 2017-12-10 2020-02-04
5.0
None Remote Low Not required None None Partial
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.
271 CVE-2017-17496 284 Bypass 2017-12-10 2017-12-28
5.0
None Remote Low Not required None Partial None
The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104.
272 CVE-2017-17484 119 DoS Overflow 2017-12-10 2019-04-23
7.5
None Remote Low Not required Partial Partial Partial
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
273 CVE-2017-17480 787 DoS Exec Code Overflow 2017-12-08 2021-02-03
7.5
None Remote Low Not required Partial Partial Partial
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
274 CVE-2017-17479 787 DoS Exec Code Overflow 2017-12-08 2018-11-29
7.5
None Remote Low Not required Partial Partial Partial
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
275 CVE-2017-17476 200 +Priv +Info 2017-12-20 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
276 CVE-2017-17475 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.
277 CVE-2017-17474 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.
278 CVE-2017-17473 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.
279 CVE-2017-17472 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030.
280 CVE-2017-17471 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140.
281 CVE-2017-17470 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054.
282 CVE-2017-17469 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948.
283 CVE-2017-17467 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074.
284 CVE-2017-17465 476 2017-12-08 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.
285 CVE-2017-17464 476 2017-12-08 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.
286 CVE-2017-17463 200 +Info 2017-12-08 2017-12-22
5.0
None Remote Low Not required Partial None None
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.
287 CVE-2017-17461 20 DoS Bypass 2017-12-07 2017-12-22
5.0
None Remote Low Not required None None Partial
A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
288 CVE-2017-17459 Exec Code 2017-12-07 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
289 CVE-2017-17458 78 2017-12-07 2020-07-31
10.0
None Remote Low Not required Complete Complete Complete
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
290 CVE-2017-17439 476 2017-12-06 2017-12-30
5.0
None Remote Low Not required None None Partial
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
291 CVE-2017-17435 287 2017-12-07 2017-12-22
8.3
None Local Network Low Not required Complete Complete Complete
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials.
292 CVE-2017-17434 Bypass 2017-12-06 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
293 CVE-2017-17432 617 DoS 2017-12-06 2019-10-03
7.8
None Remote Low Not required None None Complete
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
294 CVE-2017-17430 287 Exec Code 2017-12-07 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
295 CVE-2017-17426 190 Overflow 2017-12-05 2017-12-15
6.8
None Remote Medium Not required Partial Partial Partial
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
296 CVE-2017-17411 78 Exec Code 2017-12-21 2018-08-28
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
297 CVE-2017-17410 787 Exec Code 2017-12-21 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.
298 CVE-2017-17409 190 Exec Code Overflow 2017-12-21 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.
299 CVE-2017-17408 190 Exec Code Overflow 2017-12-21 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.
300 CVE-2017-17405 78 Exec Code 2017-12-15 2019-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
Total number of vulnerabilities : 774   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.