CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2017(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000381 200 +Info 2017-07-07 2017-07-17
5.0
None Remote Low Not required Partial None None
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
2 CVE-2017-1000380 200 +Info 2017-06-17 2017-06-21
2.1
None Local Low Not required Partial None None
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
3 CVE-2017-1000362 200 +Info 2017-07-17 2017-07-26
5.0
None Remote Low Not required Partial None None
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
4 CVE-2017-1000250 +Info 2017-09-12 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
5 CVE-2017-1000066 200 +Info 2017-07-17 2017-07-20
5.0
None Remote Low Not required Partial None None
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.
6 CVE-2017-1000029 200 +Info File Inclusion 2017-07-17 2017-07-21
5.0
None Remote Low Not required Partial None None
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
7 CVE-2017-1000025 200 +Info 2017-07-17 2017-08-04
5.0
None Remote Low Not required Partial None None
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
8 CVE-2017-1000024 200 +Info 2017-07-17 2017-08-04
5.0
None Remote Low Not required Partial None None
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to a information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
9 CVE-2017-14420 +Info 2017-09-13 2017-09-13
0.0
None ??? ??? ??? ??? ??? ???
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
10 CVE-2017-14404 200 +Info File Inclusion 2017-09-12 2017-09-18
5.0
None Remote Low Not required Partial None None
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.
11 CVE-2017-14269 200 Bypass +Info 2017-09-11 2017-09-15
5.0
None Remote Low Not required Partial None None
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content.
12 CVE-2017-14240 200 +Info 2017-09-11 2017-09-18
5.0
None Remote Low Not required Partial None None
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
13 CVE-2017-14230 DoS +Info 2017-09-10 2017-09-10
0.0
None ??? ??? ??? ??? ??? ???
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
14 CVE-2017-14156 200 +Info 2017-09-05 2017-09-07
2.1
None Local Low Not required Partial None None
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
15 CVE-2017-14140 200 +Info 2017-09-05 2017-09-06
2.1
None Local Low Not required Partial None None
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
16 CVE-2017-14114 200 DoS +Info 2017-09-02 2017-09-19
6.4
None Remote Low Not required Partial None Partial
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets.
17 CVE-2017-14053 200 +Info 2017-09-01 2017-09-06
5.0
None Remote Low Not required Partial None None
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
18 CVE-2017-13774 200 +Info 2017-08-30 2017-09-12
2.1
None Local Low Not required Partial None None
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors.
19 CVE-2017-13771 255 +Info 2017-09-07 2017-09-12
5.0
None Remote Low Not required Partial None None
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
20 CVE-2017-13761 +Info 2017-09-14 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
21 CVE-2017-13695 200 Bypass +Info 2017-08-25 2017-08-29
2.1
None Local Low Not required Partial None None
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
22 CVE-2017-13694 200 Bypass +Info 2017-08-25 2017-08-29
2.1
None Local Low Not required Partial None None
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
23 CVE-2017-13693 200 Bypass +Info 2017-08-25 2017-08-29
4.9
None Local Low Not required Complete None None
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
24 CVE-2017-13143 200 +Info 2017-08-23 2017-08-25
5.0
None Remote Low Not required Partial None None
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
25 CVE-2017-12873 284 +Info 2017-09-01 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
26 CVE-2017-12872 200 +Info 2017-09-01 2017-09-05
4.3
None Remote Medium Not required Partial None None
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
27 CVE-2017-12870 200 +Info 2017-09-01 2017-09-05
4.3
None Remote Medium Not required Partial None None
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.
28 CVE-2017-12857 200 +Info 2017-08-25 2017-09-12
4.0
None Remote Low Single system Partial None None
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
29 CVE-2017-12855 200 +Info 2017-08-15 2017-08-25
2.1
None Local Low Not required Partial None None
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
30 CVE-2017-12817 200 +Info 2017-08-25 2017-09-01
5.0
None Remote Low Not required Partial None None
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
31 CVE-2017-12734 200 +Info 2017-08-30 2017-09-13
5.0
None Remote Low Not required Partial None None
A vulnerability has been identified in Siemens LOGO! devices before V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks.
32 CVE-2017-12710 89 Sql +Info 2017-08-30 2017-09-05
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
33 CVE-2017-12677 79 XSS +Info 2017-08-07 2017-08-16
4.3
None Remote Medium Not required None Partial None
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.
34 CVE-2017-12419 200 +Info 2017-08-05 2017-08-09
4.0
None Remote Low Single system Partial None None
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
35 CVE-2017-12224 200 +Info 2017-09-07 2017-09-15
4.0
None Remote Low Single system Partial None None
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873.
36 CVE-2017-12135 264 DoS +Priv +Info 2017-08-24 2017-08-29
4.6
None Local Low Not required Partial Partial Partial
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
37 CVE-2017-12134 264 DoS +Priv +Info 2017-08-24 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
38 CVE-2017-11706 200 +Info 2017-07-28 2017-08-15
5.0
None Remote Low Not required Partial None None
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only have https on the checkout part of the site."
39 CVE-2017-11694 798 +Info 2017-07-28 2017-08-15
6.4
None Remote Low Not required Partial Partial None
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents.
40 CVE-2017-11693 798 +Info 2017-07-28 2017-08-15
6.4
None Remote Low Not required Partial Partial None
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System.
41 CVE-2017-11614 798 +Info 2017-07-25 2017-08-03
7.5
None Remote Low Not required Partial Partial Partial
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account.
42 CVE-2017-11536 200 +Info 2017-07-22 2017-07-29
4.3
None Remote Medium Not required Partial None None
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
43 CVE-2017-11502 200 +Info 2017-07-20 2017-07-25
5.0
None Remote Low Not required Partial None None
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
44 CVE-2017-11472 284 Bypass +Info 2017-07-20 2017-07-25
3.6
None Local Low Not required Partial Partial None
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
45 CVE-2017-11448 200 +Info 2017-07-19 2017-07-20
4.3
None Remote Medium Not required Partial None None
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
46 CVE-2017-11435 200 Bypass +Info 2017-07-19 2017-07-25
7.5
None Remote Low Not required Partial Partial Partial
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
47 CVE-2017-11387 200 Bypass +Info 2017-08-02 2017-08-05
5.0
None Remote Low Not required Partial None None
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.
48 CVE-2017-11356 200 +Info 2017-08-02 2017-09-07
4.0
None Remote Low Single system Partial None None
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
49 CVE-2017-11327 200 +Info 2017-07-24 2017-07-28
4.0
None Remote Low Single system Partial None None
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
50 CVE-2017-11325 200 +Info 2017-07-24 2017-07-31
5.0
None Remote Low Not required Partial None None
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php.
Total number of vulnerabilities : 1199   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.