CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1002153 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
2 CVE-2017-1002151 285 2017-09-14 2017-09-21
5.0
None Remote Low Not required Partial None None
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
3 CVE-2017-1002150 601 CSRF 2017-09-14 2017-09-21
5.8
None Remote Medium Not required Partial Partial None
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
4 CVE-2017-1002100 200 +Info 2017-09-14 2017-09-29
4.0
None Remote Low Single system Partial None None
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
5 CVE-2017-1002028 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
6 CVE-2017-1002027 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
7 CVE-2017-1002026 89 Sql 2017-09-14 2017-09-20
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
8 CVE-2017-1002025 89 Sql 2017-09-14 2017-09-21
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
9 CVE-2017-1002024 284 2017-09-14 2017-09-27
4.0
None Remote Low Single system None Partial None
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
10 CVE-2017-1002023 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
11 CVE-2017-1002022 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
12 CVE-2017-1002021 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
13 CVE-2017-1002020 89 Sql 2017-09-14 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
14 CVE-2017-1002019 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
15 CVE-2017-1002018 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
16 CVE-2017-1002017 79 XSS 2017-09-14 2017-09-21
4.3
None Remote Medium Not required None Partial None
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.
17 CVE-2017-1002016 434 2017-09-14 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.
18 CVE-2017-1002015 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
19 CVE-2017-1002014 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
20 CVE-2017-1002013 89 Sql 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
21 CVE-2017-1002012 20 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
22 CVE-2017-1002011 79 XSS 2017-09-14 2017-09-20
3.5
None Remote Medium Single system None Partial None
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.
23 CVE-2017-1002010 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
24 CVE-2017-1002009 89 Sql 2017-09-14 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
25 CVE-2017-1002008 434 2017-09-14 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
26 CVE-2017-1002007 285 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
27 CVE-2017-1002006 285 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
28 CVE-2017-1002005 20 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
29 CVE-2017-1002004 20 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
30 CVE-2017-1002003 434 2017-09-14 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
31 CVE-2017-1002002 434 2017-09-14 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
32 CVE-2017-1002001 434 2017-09-14 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
33 CVE-2017-1002000 434 2017-09-14 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
34 CVE-2017-1001000 264 2017-04-02 2017-07-24
5.0
None Remote Low Not required None Partial None
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
35 CVE-2017-1000381 200 +Info 2017-07-07 2017-07-17
5.0
None Remote Low Not required Partial None None
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
36 CVE-2017-1000380 200 +Info 2017-06-17 2017-06-21
2.1
None Local Low Not required Partial None None
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
37 CVE-2017-1000379 264 2017-06-19 2017-08-11
7.2
Admin Local Low Not required Complete Complete Complete
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
38 CVE-2017-1000378 399 Exec Code 2017-06-19 2017-06-29
7.5
None Remote Low Not required Partial Partial Partial
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
39 CVE-2017-1000377 119 Overflow Bypass 2017-06-19 2017-07-05
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).
40 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
41 CVE-2017-1000375 119 Exec Code Overflow 2017-06-19 2017-08-11
7.5
None Remote Low Not required Partial Partial Partial
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
42 CVE-2017-1000374 284 Exec Code Bypass 2017-06-19 2017-06-29
7.5
None Remote Low Not required Partial Partial Partial
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
43 CVE-2017-1000373 400 Exec Code 2017-06-19 2017-09-26
6.4
None Remote Low Not required None Partial Partial
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
44 CVE-2017-1000372 284 Exec Code Bypass 2017-06-19 2017-06-29
7.5
None Remote Low Not required Partial Partial Partial
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
45 CVE-2017-1000371 264 2017-06-19 2017-08-11
7.2
None Local Low Not required Complete Complete Complete
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
46 CVE-2017-1000370 264 2017-06-19 2017-08-11
7.2
Admin Local Low Not required Complete Complete Complete
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.
47 CVE-2017-1000369 264 Exec Code 2017-06-19 2017-09-25
2.1
None Local Low Not required None Partial None
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
48 CVE-2017-1000368 20 Exec Code 2017-06-05 2017-10-09
7.2
None Local Low Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
49 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-08-12
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
50 CVE-2017-1000366 119 Exec Code Overflow 2017-06-19 2017-08-11
7.2
None Local Low Not required Complete Complete Complete
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.