| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
401 |
CVE-2017-17450 |
862 |
|
Bypass |
2017-12-07 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. |
|
402 |
CVE-2017-17448 |
862 |
|
Bypass |
2017-12-07 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. |
|
403 |
CVE-2017-17446 |
681 |
|
DoS |
2017-12-06 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. |
|
404 |
CVE-2017-17440 |
476 |
|
DoS |
2017-12-06 |
2017-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. |
|
405 |
CVE-2017-17439 |
476 |
|
|
2017-12-06 |
2017-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. |
|
406 |
CVE-2017-17436 |
326 |
|
|
2017-12-07 |
2017-12-22 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. |
|
407 |
CVE-2017-17435 |
287 |
|
|
2017-12-07 |
2017-12-22 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials. |
|
408 |
CVE-2017-17434 |
|
|
Bypass |
2017-12-06 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. |
|
409 |
CVE-2017-17433 |
862 |
|
Bypass |
2017-12-06 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. |
|
410 |
CVE-2017-17432 |
617 |
|
DoS |
2017-12-06 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. |
|
411 |
CVE-2017-17431 |
79 |
|
XSS |
2017-12-05 |
2017-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. |
|
412 |
CVE-2017-17430 |
287 |
|
Exec Code |
2017-12-07 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. |
|
413 |
CVE-2017-17427 |
203 |
|
|
2017-12-13 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations. |
|
414 |
CVE-2017-17426 |
190 |
|
Overflow |
2017-12-05 |
2017-12-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. |
|
415 |
CVE-2017-17411 |
78 |
|
Exec Code |
2017-12-21 |
2018-08-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. |
|
416 |
CVE-2017-17410 |
787 |
|
Exec Code |
2017-12-21 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116. |
|
417 |
CVE-2017-17409 |
190 |
|
Exec Code Overflow |
2017-12-21 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102. |
|
418 |
CVE-2017-17408 |
190 |
|
Exec Code Overflow |
2017-12-21 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101. |
|
419 |
CVE-2017-17405 |
78 |
|
Exec Code |
2017-12-15 |
2019-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. |
|
420 |
CVE-2017-17384 |
269 |
|
|
2017-12-07 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. |
|
421 |
CVE-2017-17383 |
79 |
|
XSS |
2017-12-06 |
2017-12-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. |
|
422 |
CVE-2017-17382 |
327 |
|
|
2017-12-13 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. |
|
423 |
CVE-2017-17381 |
369 |
|
DoS |
2017-12-07 |
2020-11-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. |
|
424 |
CVE-2017-17130 |
119 |
|
DoS Overflow |
2017-12-04 |
2019-01-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv. |
|
425 |
CVE-2017-17129 |
476 |
|
DoS |
2017-12-04 |
2017-12-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. |
|
426 |
CVE-2017-17128 |
119 |
|
DoS Overflow |
2017-12-04 |
2017-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file. |
|
427 |
CVE-2017-17127 |
476 |
|
DoS |
2017-12-04 |
2019-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. |
|
428 |
CVE-2017-17126 |
119 |
|
DoS Overflow |
2017-12-04 |
2019-03-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. |
|
429 |
CVE-2017-17125 |
125 |
|
DoS |
2017-12-04 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. |
|
430 |
CVE-2017-17124 |
119 |
|
DoS Overflow |
2017-12-04 |
2018-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. |
|
431 |
CVE-2017-17123 |
476 |
|
DoS |
2017-12-04 |
2018-11-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. |
|
432 |
CVE-2017-17122 |
190 |
|
DoS Overflow |
2017-12-04 |
2019-03-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. |
|
433 |
CVE-2017-17121 |
119 |
|
DoS Overflow |
2017-12-04 |
2018-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. |
|
434 |
CVE-2017-17114 |
119 |
|
Overflow Mem. Corr. |
2017-12-04 |
2017-12-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request. |
|
435 |
CVE-2017-17113 |
476 |
|
|
2017-12-04 |
2017-12-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. |
|
436 |
CVE-2017-17112 |
119 |
|
Overflow |
2017-12-04 |
2017-12-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request. |
|
437 |
CVE-2017-17111 |
89 |
|
Sql |
2017-12-11 |
2017-12-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. |
|
438 |
CVE-2017-17110 |
89 |
|
Sql |
2017-12-11 |
2020-09-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. |
|
439 |
CVE-2017-17107 |
798 |
|
|
2017-12-19 |
2018-01-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. |
|
440 |
CVE-2017-17106 |
522 |
|
|
2017-12-19 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. |
|
441 |
CVE-2017-17105 |
78 |
|
|
2017-12-19 |
2020-06-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. |
|
442 |
CVE-2017-17104 |
200 |
|
+Info |
2017-12-04 |
2017-12-15 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. |
|
443 |
CVE-2017-17103 |
89 |
|
Sql |
2017-12-04 |
2017-12-15 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. |
|
444 |
CVE-2017-17102 |
89 |
|
Sql |
2017-12-04 |
2017-12-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. |
|
445 |
CVE-2017-17099 |
119 |
|
Overflow |
2017-12-03 |
2017-12-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account. |
|
446 |
CVE-2017-17096 |
79 |
|
XSS |
2017-12-03 |
2017-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. |
|
447 |
CVE-2017-17095 |
119 |
|
DoS Overflow |
2017-12-02 |
2018-12-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. |
|
448 |
CVE-2017-17094 |
79 |
|
XSS |
2017-12-02 |
2019-04-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. |
|
449 |
CVE-2017-17093 |
79 |
|
XSS |
2017-12-02 |
2019-04-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. |
|
450 |
CVE-2017-17092 |
79 |
|
XSS |
2017-12-02 |
2019-04-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. |
