| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 401 | CVE-2017-15063 | 352 | | CSRF | 2017-10-06 | 2018-11-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. |
| 402 | CVE-2017-15056 | 476 | | DoS | 2017-10-06 | 2017-11-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack(). |
| 403 | CVE-2017-15047 | 119 | | DoS Overflow | 2017-10-06 | 2020-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." |
| 404 | CVE-2017-15046 | 119 | | Overflow | 2017-10-06 | 2021-02-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. |
| 405 | CVE-2017-15045 | 125 | | | 2017-10-06 | 2021-03-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. |
| 406 | CVE-2017-15042 | 319 | | | 2017-10-05 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. |
| 407 | CVE-2017-15041 | | | Exec Code | 2017-10-05 | 2021-03-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." |
| 408 | CVE-2017-15037 | 362 | | | 2017-10-05 | 2017-10-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. |
| 409 | CVE-2017-15035 | 119 | | DoS Overflow | 2017-10-05 | 2017-10-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash). |
| 410 | CVE-2017-15033 | 772 | | | 2017-10-05 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. |
| 411 | CVE-2017-15032 | 772 | | | 2017-10-05 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. |
| 412 | CVE-2017-15025 | 369 | | DoS | 2017-10-05 | 2017-10-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. |
| 413 | CVE-2017-15024 | 835 | | DoS | 2017-10-05 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. |
| 414 | CVE-2017-15023 | 476 | | DoS | 2017-10-05 | 2018-01-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. |
| 415 | CVE-2017-15022 | 476 | | DoS | 2017-10-05 | 2017-10-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. |
| 416 | CVE-2017-15021 | 125 | | DoS | 2017-10-05 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. |
| 417 | CVE-2017-15020 | 125 | | DoS | 2017-10-05 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. |
| 418 | CVE-2017-15019 | 476 | | | 2017-10-05 | 2017-10-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. |
| 419 | CVE-2017-15018 | 125 | | | 2017-10-05 | 2021-02-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. |
| 420 | CVE-2017-15017 | 476 | | | 2017-10-05 | 2020-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. |
| 421 | CVE-2017-15016 | 476 | | | 2017-10-05 | 2019-04-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. |
| 422 | CVE-2017-15015 | 476 | | | 2017-10-05 | 2020-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. |
| 423 | CVE-2017-15014 | 269 | | | 2017-10-13 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem. |
| 424 | CVE-2017-15013 | 269 | | +Priv | 2017-10-13 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. |
| 425 | CVE-2017-15012 | 20 | | | 2017-10-13 | 2017-11-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. |
| 426 | CVE-2017-15011 | 119 | | DoS Overflow | 2017-10-04 | 2019-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. |
| 427 | CVE-2017-15010 | 400 | | DoS | 2017-10-04 | 2019-06-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. |
| 428 | CVE-2017-15009 | 79 | | XSS | 2017-10-04 | 2017-10-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. |
| 429 | CVE-2017-15008 | 79 | | XSS | 2017-10-04 | 2017-10-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. |
| 430 | CVE-2017-14997 | 191 | | DoS | 2017-10-04 | 2019-06-30 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. |
| 431 | CVE-2017-14995 | 79 | | XSS | 2017-10-04 | 2017-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. |
| 432 | CVE-2017-14994 | 476 | | DoS | 2017-10-04 | 2019-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. |
| 433 | CVE-2017-14990 | 312 | | Sql | 2017-10-03 | 2019-10-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). |
| 434 | CVE-2017-14989 | 416 | | | 2017-10-03 | 2018-06-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. |
| 435 | CVE-2017-14988 | 400 | | DoS | 2017-10-03 | 2019-09-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid. |
| 436 | CVE-2017-14985 | 79 | | XSS | 2017-10-03 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. |
| 437 | CVE-2017-14984 | 79 | | XSS | 2017-10-03 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. |
| 438 | CVE-2017-14983 | 79 | | XSS | 2017-10-03 | 2021-02-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. |
| 439 | CVE-2017-14981 | 79 | | XSS | 2017-10-03 | 2017-10-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website. |
| 440 | CVE-2017-14980 | 119 | | Overflow | 2017-10-10 | 2017-10-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. |
| 441 | CVE-2017-14979 | | | | 2017-10-03 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php. |
| 442 | CVE-2017-14977 | 476 | | DoS | 2017-10-02 | 2019-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. |
| 443 | CVE-2017-14976 | 125 | | DoS | 2017-10-02 | 2019-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. |
| 444 | CVE-2017-14975 | 476 | | DoS | 2017-10-02 | 2019-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. |
| 445 | CVE-2017-14974 | 476 | | DoS | 2017-10-02 | 2017-10-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. |
| 446 | CVE-2017-14973 | 79 | | XSS | 2017-10-09 | 2017-10-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). |
| 447 | CVE-2017-14972 | 287 | | Bypass | 2017-10-09 | 2019-05-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. |
| 448 | CVE-2017-14971 | 200 | | +Info | 2017-10-09 | 2017-11-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash. |
| 449 | CVE-2017-14970 | 772 | | | 2017-10-02 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." |
| 450 | CVE-2017-14958 | 434 | | Exec Code | 2017-10-02 | 2017-10-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. |