Security Vulnerabilities Published In 2017 (Gain Information)

Fields per entry: # | CVE ID | CWE ID | vulnerability type(s) | publish date, update date | CVSS score | gained access level | access vector, access complexity, authentication | impact on confidentiality / integrity / availability. No exploit count is listed for any entry on this page; entries marked "not yet assigned" had no CVSS data when the page was generated.
1. CVE-2017-1002100 | CWE-200 | +Info | published 2017-09-14, updated 2017-09-29 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
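A storage-side audit for the condition described above, added here as an example; it is not code from cvedetails.com or from the Kubernetes Azure cloud provider. It assumes the JSON shape of `az storage container list --account-name <account> -o json`, where each container carries `properties.publicAccess` set to "container", "blob" or null; the sample data and the `pvc-*` names are constructed.

```python
"""Audit Azure Blob containers for anonymous access.

Added example, not code from cvedetails.com or from the Kubernetes Azure
cloud provider. It assumes the JSON shape of
`az storage container list --account-name <account> -o json`, where every
container carries properties.publicAccess set to "container", "blob" or
null; the sample below is constructed to that shape.
"""
import json

# Constructed sample: two PV-backed containers left readable, one private,
# one with no properties block at all.
SAMPLE_CONTAINER_LIST = json.dumps([
    {"name": "pvc-0a1b2c3d", "properties": {"publicAccess": "container"}},
    {"name": "pvc-4e5f6a7b", "properties": {"publicAccess": "blob"}},
    {"name": "pvc-8c9d0e1f", "properties": {"publicAccess": None}},
    {"name": "logs", "properties": {}},
])


def public_containers(container_list_json):
    """Return [(name, level)] for every container readable without auth.

    "container": anonymous clients may list and read every blob.
    "blob":      anonymous clients may read a blob whose name they know; a
                 PV's blob name is predictable or appears in the volume URI.
    None/absent: private, the safe default.
    """
    findings = []
    for entry in json.loads(container_list_json):
        level = (entry.get("properties") or {}).get("publicAccess")
        if level in ("container", "blob"):
            findings.append((entry["name"], level))
    return findings


def remediation_commands(account, findings):
    """az CLI lines that return each flagged container to private access."""
    return [
        "az storage container set-permission --account-name {} "
        "--name {} --public-access off".format(account, name)
        for name, _level in findings
    ]


if __name__ == "__main__":
    found = public_containers(SAMPLE_CONTAINER_LIST)
    for name, level in found:
        print("PUBLIC ({}): {}".format(level, name))
    for cmd in remediation_commands("examplestorage", found):
        print(cmd)
```

Run it against real `az` output by piping the JSON into `public_containers`; "blob" is flagged as well as "container" because a volume's blob name is rarely a secret once the URI has been seen in a pod spec or a log.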
2. CVE-2017-1000381 | CWE-200 | +Info | published 2017-07-07, updated 2017-07-17 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
3. CVE-2017-1000380 | CWE-200 | +Info | published 2017-06-17, updated 2017-11-05 | CVSS 2.1 | gained access: None | access: Local, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
4. CVE-2017-1000362 | CWE-200 | +Info | published 2017-07-17, updated 2017-07-26 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
5. CVE-2017-1000250 | CWE-200 | +Info | published 2017-09-12, updated 2017-11-04 | CVSS 3.3 | gained access: None | access: Local Network, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
6. CVE-2017-1000242 | CWE-200 | +Info | published 2017-11-01, updated 2017-11-18 | CVSS 2.1 | gained access: None | access: Local, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.
7. CVE-2017-1000157 | CWE-200 | +Info | published 2017-11-03, updated 2017-11-13 | CVSS 3.5 | gained access: None | access: Remote, complexity: Medium, auth: Single system | impact C/I/A: Partial/None/None
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
8. CVE-2017-1000155 | CWE-200 | +Info | published 2017-11-03, updated 2017-11-13 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
9. CVE-2017-1000151 | CWE-200 | +Info | published 2017-11-03, updated 2017-11-13 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
10. CVE-2017-1000143 | CWE-200 | +Info | published 2017-11-03, updated 2017-11-15 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
11. CVE-2017-1000133 | CWE-200 | +Info | published 2017-11-03, updated 2017-11-13 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages.
12. CVE-2017-1000114 | CWE-200 | XSS +Info | published 2017-10-04, updated 2017-10-17 | CVSS 4.3 | gained access: None | access: Remote, complexity: Medium, auth: Not required | impact C/I/A: Partial/None/None
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.
13. CVE-2017-1000113 | CWE-200 | +Info | published 2017-10-04, updated 2017-11-01 | CVSS 2.1 | gained access: None | access: Local, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.
14. CVE-2017-1000108 | CWE-200 | +Info | published 2017-10-04, updated 2017-11-01 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: None/None/Partial
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
15. CVE-2017-1000100 | CWE-200 | +Info | published 2017-10-04, updated 2017-11-13 | CVSS 4.3 | gained access: None | access: Remote, complexity: Medium, auth: Not required | impact C/I/A: Partial/None/None
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too-large value is then used in the sendto() call, making curl attempt to send more data than was actually put into the buffer. The sendto() function will then read beyond the end of the heap-based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it into sending private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.
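The redirect restriction recommended above is the practical mitigation, and the following added example shows what it does; this is not curl or libcurl code. It models a client that follows redirects with and without a scheme allowlist in the style of CURLOPT_REDIR_PROTOCOLS; the redirect chain, the hostnames and the 600-byte TFTP file name are constructed.

```python
"""Redirect-scheme policy for an HTTP client that follows redirects.

Added example, not curl or libcurl code. It models what --proto-redir /
CURLOPT_REDIR_PROTOCOLS buys you: a server you contact over HTTP(S) can only
steer you into another protocol handler (tftp:// here) if the client lets it.
The redirect chain and the 600-byte file name below are constructed.
"""
from urllib.parse import urljoin, urlsplit, unquote

ALLOWED_REDIR_SCHEMES = frozenset({"http", "https"})
MAX_REDIRECTS = 5

OVERSIZED_TFTP_URL = "tftp://203.0.113.9/" + "A" * 600

# Constructed responses: URL -> (status, Location header or None).
CONSTRUCTED_RESPONSES = {
    "https://downloads.example/pkg.tgz": (302, "http://mirror.example/pkg.tgz"),
    "http://mirror.example/pkg.tgz": (302, OVERSIZED_TFTP_URL),
    OVERSIZED_TFTP_URL: (200, None),
}


def follow_redirects(start_url, responses, allowed_schemes=None):
    """Walk a redirect chain.

    allowed_schemes=None reproduces an unrestricted client; a set of scheme
    names reproduces a CURLOPT_REDIR_PROTOCOLS-style allowlist.
    Returns ("ok", final_url), ("refused", offending_url) or
    ("too_many", last_url).
    """
    url = start_url
    for _ in range(MAX_REDIRECTS):
        status, location = responses[url]
        if status not in (301, 302, 303, 307, 308) or location is None:
            return ("ok", url)
        target = urljoin(url, location)   # Location may be relative
        scheme = urlsplit(target).scheme.lower()
        if allowed_schemes is not None and scheme not in allowed_schemes:
            return ("refused", target)
        url = target
    return ("too_many", url)


def tftp_filename_length(url):
    """Bytes of file name a TFTP read request for this URL would carry."""
    return len(unquote(urlsplit(url).path.lstrip("/")).encode())


if __name__ == "__main__":
    start = "https://downloads.example/pkg.tgz"
    print(follow_redirects(start, CONSTRUCTED_RESPONSES))
    print(follow_redirects(start, CONSTRUCTED_RESPONSES, ALLOWED_REDIR_SCHEMES))
    print(tftp_filename_length(OVERSIZED_TFTP_URL))
```

The unrestricted walk ends on the TFTP URL carrying a 600-byte file name, which is exactly the input the description says the TFTP code mishandled; the allowlisted walk stops at the hop that changes scheme. Checking the scheme after `urljoin` matters because a relative Location cannot change scheme but an absolute one can.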
16. CVE-2017-1000099 | CWE-200 | +Info | published 2017-10-04, updated 2017-11-01 | CVSS 4.3 | gained access: None | access: Remote, complexity: Medium, auth: Not required | impact C/I/A: Partial/None/None
When asked to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provided callback), which could lead to other private data from the heap being inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap, and if it turned out not to contain any zero byte, the output would continue and display the data following that buffer in memory.
17. CVE-2017-1000094 | CWE-200 | +Info | published 2017-10-04, updated 2017-10-17 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
18. CVE-2017-1000087 | CWE-200 | +Info | published 2017-10-04, updated 2017-11-02 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
19. CVE-2017-1000066 | CWE-200 | +Info | published 2017-07-17, updated 2017-07-20 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.
20. CVE-2017-1000029 | CWE-200 | +Info File Inclusion | published 2017-07-17, updated 2017-07-21 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion, which makes it possible to include arbitrary files on the server; this vulnerability can be exploited without any prior authentication.
21. CVE-2017-1000025 | CWE-200 | +Info | published 2017-07-17, updated 2017-08-04 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
22. CVE-2017-1000024 | CWE-200 | +Info | published 2017-07-17, updated 2017-09-26 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins, resulting in potential plaintext transmission of passwords and OAuth tokens.
23. CVE-2017-16877 | CWE: not assigned | Dir. Trav. +Info | published 2017-11-17, updated 2017-11-17 | CVSS: not yet assigned
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
24. CVE-2017-16804 | CWE: not assigned | +Info | published 2017-11-13, updated 2017-11-13 | CVSS: not yet assigned
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
25. CVE-2017-16642 | CWE: not assigned | +Info | published 2017-11-07, updated 2017-11-15 | CVSS: not yet assigned
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
26. CVE-2017-15998 | CWE: not assigned | +Info | published 2017-10-29, updated 2017-10-29 | CVSS: not yet assigned
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
27. CVE-2017-15937 | CWE-200 | +Info | published 2017-10-27, updated 2017-11-14 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when the main page's graph request is intercepted. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
28. CVE-2017-15865 | CWE: not assigned | +Info | published 2017-11-08, updated 2017-11-14 | CVSS: not yet assigned
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
29. CVE-2017-15610 | CWE-200 | +Info | published 2017-10-19, updated 2017-10-25 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.
30. CVE-2017-15609 | CWE-200 | +Info | published 2017-10-19, updated 2017-10-25 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
31. CVE-2017-15597 | CWE-264 | DoS Mem. Corr. +Info | published 2017-10-30, updated 2017-11-18 | CVSS 9.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Complete/Complete/Complete
An issue was discovered in Xen through 4.9.x. Grant copying code assumed that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match that assumption. When such a grant copy operation is done on a grant of a dying domain, the assumption turns out to be wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in a host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
32. CVE-2017-15589 | CWE-200 | +Info | published 2017-10-18, updated 2017-11-14 | CVSS 2.1 | gained access: None | access: Local, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
33. CVE-2017-15583 | CWE-200 | +Info File Inclusion | published 2017-10-18, updated 2017-11-08 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
34. CVE-2017-15582 | CWE-200 | +Info | published 2017-10-27, updated 2017-11-14 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
35. CVE-2017-15581 | CWE-310 | +Info | published 2017-10-27, updated 2017-11-17 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
36. CVE-2017-15577 | CWE-200 | +Info | published 2017-10-17, updated 2017-10-25 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
37. CVE-2017-15576 | CWE-200 | +Info | published 2017-10-17, updated 2017-10-25 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
38. CVE-2017-15575 | CWE-254 | +Info | published 2017-10-17, updated 2017-10-25 | CVSS 7.5 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/Partial/Partial
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
39. CVE-2017-15572 | CWE-532 | +Info | published 2017-10-17, updated 2017-10-25 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
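The leak path above is worth being able to both detect and close, so here is an added example; it is not Redmine code. The first function scans combined-format access-log lines for sensitive query parameters in the request target or the Referer; the second shows the fix the description implies, consuming the token server-side and redirecting to a token-free URL. The log lines, the token value, the hostnames and the parameter names are constructed assumptions.

```python
"""Find password-reset tokens that reached a log through the URL or Referer.

Added example, not Redmine code. CVE-2017-15572's mechanism: the page that
consumes a token-bearing link is rendered directly, so every resource the
browser fetches next (including third-party ones) receives that URL as the
Referer. The log lines, token value and URLs below are constructed; the
combined-log regex and the parameter names are assumptions.
"""
import re
from urllib.parse import urlsplit, parse_qs

SENSITIVE_PARAMS = {"token", "reset_token", "password"}

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed: line 1 is the reset link being opened on the issue tracker;
# line 2 is a static-asset request received by a *different* host, which
# now holds the token in its Referer field.
SAMPLE_LOG = (
    '203.0.113.5 - - [17/Oct/2017:10:01:02 +0000] '
    '"GET /account/lost_password?token=deadbeefcafef00d HTTP/1.1" 200 1532 "-" "Mozilla/5.0"\n'
    '203.0.113.5 - - [17/Oct/2017:10:01:03 +0000] '
    '"GET /widgets/badge.js HTTP/1.1" 200 441 '
    '"https://issues.example/account/lost_password?token=deadbeefcafef00d" "Mozilla/5.0"\n'
)


def _sensitive_params(url):
    return sorted(set(parse_qs(urlsplit(url).query)) & SENSITIVE_PARAMS)


def leaked_tokens(log_text):
    """Return one dict per (line, field) where a sensitive query parameter
    appears in the request target or in the Referer."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("target", "referer"):
            value = m.group(field)
            if value == "-":
                continue
            params = _sensitive_params(value)
            if params:
                hits.append({"line": line_no, "field": field, "params": params})
    return hits


def consume_token_and_redirect(request_url, valid_tokens, session):
    """Fixed flow: check the token, mark it used, remember it server-side,
    and redirect to a URL without it so later Referers carry nothing.
    Returns (status, headers)."""
    parts = urlsplit(request_url)
    token = parse_qs(parts.query).get("token", [None])[0]
    if token not in valid_tokens:
        return 404, {}
    valid_tokens.discard(token)                 # single use
    session["reset_token"] = token
    clean_url = "{}://{}{}".format(parts.scheme, parts.netloc, parts.path)
    return 302, {"Location": clean_url}


if __name__ == "__main__":
    for hit in leaked_tokens(SAMPLE_LOG):
        print(hit)
```

Line 2 is the one that matters operationally: it would appear in the log of whichever host served the badge, so an instance that embeds third-party resources on the reset page has already shipped the token off-site before any attacker does anything.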
40. CVE-2017-15537 | CWE-200 | +Info | published 2017-10-17, updated 2017-11-01 | CVSS 2.1 | gained access: None | access: Local, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
41. CVE-2017-15517 | CWE: not assigned | +Info | published 2017-11-16, updated 2017-11-16 | CVSS: not yet assigned
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.
42. CVE-2017-15302 | CWE-264 | +Info | published 2017-10-15, updated 2017-11-07 | CVSS 7.2 | gained access: None | access: Local, complexity: Low, auth: Not required | impact C/I/A: Complete/Complete/Complete
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on the system (Windows), including sandboxed users, can issue an ioctl to this driver without any validation. Furthermore, the driver can map any physical page on the system and returns the allocated map page address to the user: that results in an information leak and EoP. NOTE: the vendor indicates that the arbitrary read itself is intentional behavior (for ACPI scan functionality); the security issue is the lack of an ACL.
43. CVE-2017-15280 | CWE-611 | +Info | published 2017-10-12, updated 2017-10-25 | CVSS 4.3 | gained access: None | access: Remote, complexity: Medium, auth: Not required | impact C/I/A: Partial/None/None
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
44. CVE-2017-15277 | CWE-200 | +Info | published 2017-10-12, updated 2017-11-18 | CVSS 4.3 | gained access: None | access: Remote, complexity: Medium, auth: Not required | impact C/I/A: Partial/None/None
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
45. CVE-2017-15236 | CWE-200 | +Info | published 2017-10-10, updated 2017-11-05 | CVSS 5.0 | gained access: None | access: Remote, complexity: Low, auth: Not required | impact C/I/A: Partial/None/None
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
46. CVE-2017-15212 | CWE-200 | +Info | published 2017-10-10, updated 2017-10-19 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
47. CVE-2017-15210 | CWE-200 | +Info | published 2017-10-10, updated 2017-10-19 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
48. CVE-2017-15205 | CWE-200 | +Info | published 2017-10-10, updated 2017-10-19 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: Partial/None/None
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
49. CVE-2017-15198 | CWE-200 | +Info | published 2017-10-10, updated 2017-10-19 | CVSS 4.0 | gained access: None | access: Remote, complexity: Low, auth: Single system | impact C/I/A: None/Partial/None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
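The four Kanboard entries above (CVE-2017-15212, CVE-2017-15210, CVE-2017-15205 and CVE-2017-15198) share one shape, and the following added example shows it beside the fix; this is not Kanboard code. It contrasts a handler with no check, a handler that checks membership of a project id the client supplied (which is what "altering form data" defeats), and a handler that authorizes against the project the object really belongs to. The fixtures, user names, permission model and function names are assumptions for illustration.

```python
"""Object-level authorization for ids that arrive in form data.

Added example, not Kanboard code. The four Kanboard issues above share one
shape: the handler reads a project or object id from the form and never
checks that the caller belongs to the project that object lives in. The
fixtures, permission model and function names here are assumptions made for
illustration.
"""

# Constructed fixtures: private projects and their members.
PROJECT_MEMBERS = {101: {"alice"}, 202: {"bob"}}
ATTACHMENTS = {
    1: {"project_id": 101, "name": "roadmap.pdf"},
    2: {"project_id": 202, "name": "salaries.xlsx"},
}
CATEGORIES = {7: {"project_id": 202, "name": "Backlog"}}


class Forbidden(Exception):
    pass


def _require_member(user, project_id):
    if user not in PROJECT_MEMBERS.get(project_id, set()):
        raise Forbidden("{} is not a member of project {}".format(user, project_id))


def download_attachment_unchecked(user, form):
    """Vulnerable: no authorization at all; any file_id works."""
    return ATTACHMENTS[int(form["file_id"])]["name"]


def download_attachment_trusts_form(user, form):
    """Also vulnerable: checks membership of the *form's* project_id, so an
    attacker submits a project they belong to together with a file_id from
    someone else's private project (the "altering form data" vector)."""
    _require_member(user, int(form["project_id"]))
    return ATTACHMENTS[int(form["file_id"])]["name"]


def download_attachment(user, form):
    """Fixed: load the object first, then authorize against the project it
    actually belongs to. Client-supplied project ids are never consulted."""
    attachment = ATTACHMENTS[int(form["file_id"])]
    _require_member(user, attachment["project_id"])
    return attachment["name"]


def rename_category(user, form, new_name):
    """Same rule on a write path, the CVE-2017-15198 case."""
    category = CATEGORIES[int(form["category_id"])]
    _require_member(user, category["project_id"])
    category["name"] = new_name
    return category["name"]


def allowed(handler, user, form, *args):
    """True if the handler serves the request, False if it raises Forbidden."""
    try:
        handler(user, form, *args)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    evil = {"file_id": "2", "project_id": "101"}   # alice targets bob's file
    print(allowed(download_attachment_unchecked, "alice", evil))    # True
    print(allowed(download_attachment_trusts_form, "alice", evil))  # True
    print(allowed(download_attachment, "alice", evil))              # False
```

The middle variant is the instructive one: it has an authorization check and still fails, because the check binds to a value the attacker controls rather than to the object being returned.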
50. CVE-2017-15042 | CWE-200 | +Info | published 2017-10-05, updated 2017-11-01 | CVSS 4.3 | gained access: None | access: Remote, complexity: Medium, auth: Not required | impact C/I/A: Partial/None/None
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
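The two client behaviours the description contrasts, as an added example; this is not Go's net/smtp code. One policy sends PLAIN whenever the server advertises it, the other refuses unless TLS is already active. The EHLO replies are constructed, and the loopback exception in the fixed policy is a design choice of this example rather than something this page states.

```python
"""Client-side policy for SMTP AUTH PLAIN.

Added example, not Go's net/smtp. It models the two behaviours in
CVE-2017-15042: trusting the server's AUTH advertisement versus requiring a
TLS session before PLAIN credentials leave the client. The EHLO replies are
constructed; the loopback exception in plain_allowed is a design choice of
this example, not something this page states.
"""
import base64
import ipaddress

# Constructed EHLO replies. The second is what an on-path attacker who
# strips STARTTLS would send: no STARTTLS, but PLAIN "allowed".
EHLO_HONEST = ("250-mail.example\r\n250-STARTTLS\r\n"
               "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
EHLO_STRIPPED = "250-mail.example\r\n250-AUTH PLAIN\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Map EHLO keyword -> parameter list (greeting line is skipped)."""
    extensions = {}
    for line in reply.split("\r\n")[1:]:
        if len(line) < 4:
            continue
        keyword, _, params = line[4:].partition(" ")
        extensions[keyword.upper()] = params.split()
    return extensions


def plain_initial_response(username, password, authzid=""):
    """SASL PLAIN message (RFC 4616): authzid NUL authcid NUL passwd, base64."""
    raw = "{}\0{}\0{}".format(authzid, username, password).encode()
    return base64.b64encode(raw).decode()


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def plain_allowed_server_decides(ehlo_reply, tls_active, host):
    """Pre-fix behaviour: send PLAIN whenever the server advertises it."""
    return "PLAIN" in parse_ehlo(ehlo_reply).get("AUTH", [])


def plain_allowed(ehlo_reply, tls_active, host):
    """Fixed behaviour: PLAIN only once TLS is active (RFC 4954), or to a
    loopback peer where there is no network to sniff. If the server offers
    STARTTLS the caller should upgrade first and call again."""
    if not (tls_active or _is_loopback(host)):
        return False
    return "PLAIN" in parse_ehlo(ehlo_reply).get("AUTH", [])


def authenticate(policy, ehlo_reply, tls_active, host, username, password):
    """Return the AUTH command that would be written to the socket, or None
    if the policy refuses to send PLAIN on this connection."""
    if not policy(ehlo_reply, tls_active, host):
        return None
    return "AUTH PLAIN " + plain_initial_response(username, password)


if __name__ == "__main__":
    for name, policy in (("server decides", plain_allowed_server_decides),
                         ("tls required", plain_allowed)):
        print(name, authenticate(policy, EHLO_STRIPPED, False,
                                 "mail.example", "alice", "hunter2"))
```

Against the stripped EHLO the first policy emits the base64-encoded username and password in the clear; the second returns nothing. Note that the decision keys on whether TLS is actually active on the socket, not on whether STARTTLS was advertised, since the attacker controls the advertisement.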
Total number of vulnerabilities: 1463 (page 1 of 30)