| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2017-15299 |
476 |
|
DoS |
2017-10-14 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. |
|
302 |
CVE-2017-15298 |
400 |
|
DoS |
2017-10-14 |
2020-05-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. |
|
303 |
CVE-2017-15297 |
287 |
|
|
2017-10-16 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. |
|
304 |
CVE-2017-15296 |
352 |
|
CSRF |
2017-10-16 |
2018-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. |
|
305 |
CVE-2017-15295 |
287 |
|
|
2017-10-16 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. |
|
306 |
CVE-2017-15294 |
79 |
|
XSS |
2017-10-16 |
2019-04-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. |
|
307 |
CVE-2017-15293 |
287 |
|
|
2017-10-16 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064. |
|
308 |
CVE-2017-15291 |
79 |
|
XSS |
2017-10-20 |
2017-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. |
|
309 |
CVE-2017-15290 |
319 |
|
|
2017-10-12 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality. |
|
310 |
CVE-2017-15287 |
79 |
|
XSS |
2017-10-12 |
2017-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. |
|
311 |
CVE-2017-15286 |
476 |
|
|
2017-10-12 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. |
|
312 |
CVE-2017-15285 |
20 |
|
Exec Code |
2017-10-12 |
2017-11-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory. |
|
313 |
CVE-2017-15284 |
79 |
|
Exec Code XSS |
2017-10-12 |
2020-08-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account. |
|
314 |
CVE-2017-15281 |
119 |
|
DoS Overflow |
2017-10-12 |
2020-09-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." |
|
315 |
CVE-2017-15280 |
611 |
|
+Info |
2017-10-12 |
2017-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. |
|
316 |
CVE-2017-15279 |
79 |
|
XSS |
2017-10-12 |
2017-10-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. |
|
317 |
CVE-2017-15278 |
79 |
|
Exec Code XSS |
2017-10-12 |
2017-10-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
|
318 |
CVE-2017-15277 |
200 |
|
+Info |
2017-10-12 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. |
|
319 |
CVE-2017-15276 |
22 |
|
+Priv Dir. Trav. |
2017-10-13 |
2017-11-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. |
|
320 |
CVE-2017-15274 |
476 |
|
DoS |
2017-10-12 |
2018-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. |
|
321 |
CVE-2017-15273 |
79 |
|
XSS |
2017-10-31 |
2017-11-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. |
|
322 |
CVE-2017-15268 |
772 |
|
|
2017-10-12 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. |
|
323 |
CVE-2017-15267 |
476 |
|
|
2017-10-11 |
2018-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. |
|
324 |
CVE-2017-15266 |
369 |
|
|
2017-10-11 |
2018-02-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. |
|
325 |
CVE-2017-15265 |
362 |
|
DoS |
2017-10-16 |
2020-07-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. |
|
326 |
CVE-2017-15264 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4." |
|
327 |
CVE-2017-15263 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4." |
|
328 |
CVE-2017-15262 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c." |
|
329 |
CVE-2017-15261 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35." |
|
330 |
CVE-2017-15260 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59." |
|
331 |
CVE-2017-15259 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a." |
|
332 |
CVE-2017-15258 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c." |
|
333 |
CVE-2017-15257 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a." |
|
334 |
CVE-2017-15256 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8." |
|
335 |
CVE-2017-15255 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0." |
|
336 |
CVE-2017-15254 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5." |
|
337 |
CVE-2017-15253 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2." |
|
338 |
CVE-2017-15252 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb." |
|
339 |
CVE-2017-15251 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326." |
|
340 |
CVE-2017-15250 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19." |
|
341 |
CVE-2017-15249 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6." |
|
342 |
CVE-2017-15248 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6." |
|
343 |
CVE-2017-15247 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1." |
|
344 |
CVE-2017-15246 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b." |
|
345 |
CVE-2017-15245 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76." |
|
346 |
CVE-2017-15244 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." |
|
347 |
CVE-2017-15243 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4." |
|
348 |
CVE-2017-15242 |
119 |
|
DoS Exec Code Overflow |
2017-10-11 |
2017-10-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe." |
|
349 |
CVE-2017-15241 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5." |
|
350 |
CVE-2017-15240 |
119 |
|
DoS Overflow |
2017-10-11 |
2017-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef." |
