| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
351 |
CVE-2017-17523 |
74 |
|
|
2017-12-11 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. |
|
352 |
CVE-2017-17522 |
74 |
|
|
2017-12-14 |
2017-12-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. |
|
353 |
CVE-2017-17521 |
74 |
|
|
2017-12-14 |
2020-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. |
|
354 |
CVE-2017-17520 |
74 |
|
|
2017-12-14 |
2017-12-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs." |
|
355 |
CVE-2017-17519 |
74 |
|
|
2017-12-14 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. |
|
356 |
CVE-2017-17518 |
74 |
|
|
2017-12-14 |
2020-02-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".” |
|
357 |
CVE-2017-17517 |
74 |
|
|
2017-12-14 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. |
|
358 |
CVE-2017-17516 |
74 |
|
|
2017-12-14 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. |
|
359 |
CVE-2017-17515 |
74 |
|
|
2017-12-14 |
2018-01-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product. |
|
360 |
CVE-2017-17514 |
74 |
|
|
2017-12-14 |
2018-01-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable. |
|
361 |
CVE-2017-17513 |
74 |
|
|
2017-12-14 |
2018-01-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. |
|
362 |
CVE-2017-17512 |
74 |
|
|
2017-12-11 |
2018-03-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. |
|
363 |
CVE-2017-17511 |
74 |
|
|
2017-12-14 |
2019-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. |
|
364 |
CVE-2017-17509 |
787 |
|
|
2017-12-11 |
2017-12-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file. |
|
365 |
CVE-2017-17508 |
369 |
|
|
2017-12-11 |
2017-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
|
366 |
CVE-2017-17507 |
125 |
|
|
2017-12-11 |
2017-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
|
367 |
CVE-2017-17506 |
125 |
|
|
2017-12-11 |
2017-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
|
368 |
CVE-2017-17505 |
476 |
|
|
2017-12-11 |
2017-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
|
369 |
CVE-2017-17504 |
125 |
|
|
2017-12-11 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. |
|
370 |
CVE-2017-17503 |
125 |
|
|
2017-12-11 |
2019-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. |
|
371 |
CVE-2017-17502 |
125 |
|
|
2017-12-11 |
2019-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. |
|
372 |
CVE-2017-17501 |
125 |
|
|
2017-12-11 |
2019-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. |
|
373 |
CVE-2017-17500 |
125 |
|
|
2017-12-11 |
2019-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. |
|
374 |
CVE-2017-17499 |
416 |
|
|
2017-12-11 |
2020-10-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. |
|
375 |
CVE-2017-17498 |
119 |
|
DoS Overflow |
2017-12-11 |
2018-10-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
|
376 |
CVE-2017-17497 |
119 |
|
DoS Overflow |
2017-12-10 |
2020-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. |
|
377 |
CVE-2017-17496 |
284 |
|
Bypass |
2017-12-10 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104. |
|
378 |
CVE-2017-17484 |
119 |
|
DoS Overflow |
2017-12-10 |
2019-04-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. |
|
379 |
CVE-2017-17480 |
787 |
|
DoS Exec Code Overflow |
2017-12-08 |
2021-02-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. |
|
380 |
CVE-2017-17479 |
787 |
|
DoS Exec Code Overflow |
2017-12-08 |
2018-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. |
|
381 |
CVE-2017-17476 |
200 |
|
+Priv +Info |
2017-12-20 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. |
|
382 |
CVE-2017-17475 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068. |
|
383 |
CVE-2017-17474 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070. |
|
384 |
CVE-2017-17473 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050. |
|
385 |
CVE-2017-17472 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030. |
|
386 |
CVE-2017-17471 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140. |
|
387 |
CVE-2017-17470 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054. |
|
388 |
CVE-2017-17469 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948. |
|
389 |
CVE-2017-17468 |
|
|
DoS +Priv |
2017-12-08 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050. |
|
390 |
CVE-2017-17467 |
119 |
|
DoS Overflow |
2017-12-08 |
2017-12-18 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074. |
|
391 |
CVE-2017-17466 |
|
|
DoS +Priv |
2017-12-08 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088. |
|
392 |
CVE-2017-17465 |
476 |
|
|
2017-12-08 |
2017-12-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request. |
|
393 |
CVE-2017-17464 |
476 |
|
|
2017-12-08 |
2017-12-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request. |
|
394 |
CVE-2017-17463 |
200 |
|
+Info |
2017-12-08 |
2017-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. |
|
395 |
CVE-2017-17461 |
20 |
|
DoS Bypass |
2017-12-07 |
2017-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string. |
|
396 |
CVE-2017-17459 |
|
|
Exec Code |
2017-12-07 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. |
|
397 |
CVE-2017-17458 |
78 |
|
|
2017-12-07 |
2020-07-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. |
|
398 |
CVE-2017-17457 |
125 |
|
|
2017-12-07 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246. |
|
399 |
CVE-2017-17456 |
125 |
|
|
2017-12-07 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245. |
|
400 |
CVE-2017-17451 |
79 |
|
XSS |
2017-12-07 |
2017-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. |
