CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2017-15272 255 2017-11-15 2018-10-09
2.1
None Local Low Not required Partial None None
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.
802 CVE-2017-15112 200 +Info 2018-01-19 2019-08-06
2.1
None Local Low Not required Partial None None
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
803 CVE-2017-15104 200 +Info 2017-12-18 2018-01-12
2.1
None Local Low Not required Partial None None
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
804 CVE-2017-15096 476 DoS 2017-10-26 2017-11-14
2.1
None Local Low Not required None None Partial
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
805 CVE-2017-14991 200 +Info 2017-10-03 2018-08-24
2.1
None Local Low Not required Partial None None
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
806 CVE-2017-14954 200 Bypass +Info 2017-10-01 2017-10-06
2.1
None Local Low Not required Partial None None
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
807 CVE-2017-14893 125 2018-07-06 2018-08-27
2.1
None Local Low Not required Partial None None
While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
808 CVE-2017-14872 125 2018-07-06 2018-08-27
2.1
None Local Low Not required Partial None None
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
809 CVE-2017-14772 200 +Info 2017-10-02 2017-10-11
2.1
None Local Low Not required Partial None None
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
810 CVE-2017-14770 200 +Info 2017-10-02 2017-10-11
2.1
None Local Low Not required Partial None None
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
811 CVE-2017-14737 310 2017-09-25 2017-10-10
2.1
None Local Low Not required Partial None None
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
812 CVE-2017-14681 264 Exec Code 2017-09-21 2017-10-05
2.1
None Local Low Not required None None Partial
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
813 CVE-2017-14428 264 2017-09-13 2017-09-20
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
814 CVE-2017-14427 264 2017-09-13 2017-09-20
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
815 CVE-2017-14426 264 2017-09-13 2017-09-20
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
816 CVE-2017-14425 264 2017-09-13 2017-09-20
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
817 CVE-2017-14424 264 2017-09-13 2017-09-20
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
818 CVE-2017-14156 200 +Info 2017-09-05 2018-03-15
2.1
None Local Low Not required Partial None None
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
819 CVE-2017-14140 200 +Info 2017-09-05 2018-04-11
2.1
None Local Low Not required Partial None None
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
820 CVE-2017-14025 20 2017-11-06 2017-11-28
2.1
None Local Low Not required Partial None None
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.
821 CVE-2017-14014 320 2018-05-01 2018-06-13
2.1
None Local Low Not required Partial None None
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
822 CVE-2017-14012 310 2018-05-01 2018-06-13
2.1
None Local Low Not required Partial None None
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
823 CVE-2017-13851 284 Bypass 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.
824 CVE-2017-13844 200 +Info 2017-11-12 2019-04-29
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
825 CVE-2017-13839 200 +Info 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
826 CVE-2017-13817 125 Bypass 2017-11-12 2017-11-27
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
827 CVE-2017-13810 200 +Info 2017-11-12 2017-11-27
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.
828 CVE-2017-13805 200 +Info 2017-11-12 2017-11-28
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state.
829 CVE-2017-13801 200 +Info 2017-11-12 2017-11-27
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.
830 CVE-2017-13786 200 +Info 2017-11-12 2017-11-27
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.
831 CVE-2017-13774 200 +Info 2017-08-30 2017-09-12
2.1
None Local Low Not required Partial None None
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors.
832 CVE-2017-13760 119 Overflow 2017-08-29 2017-09-01
2.1
None Local Low Not required None None Partial
In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.
833 CVE-2017-13756 119 Overflow 2017-08-29 2017-09-01
2.1
None Local Low Not required None None Partial
In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.
834 CVE-2017-13755 119 Overflow 2017-08-29 2017-09-01
2.1
None Local Low Not required None None Partial
In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.
835 CVE-2017-13695 200 Bypass +Info 2017-08-25 2018-09-11
2.1
None Local Low Not required Partial None None
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
836 CVE-2017-13694 200 Bypass +Info 2017-08-25 2017-09-20
2.1
None Local Low Not required Partial None None
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
837 CVE-2017-13683 119 Overflow 2017-10-23 2017-11-17
2.3
None Local Network Medium Single system None None Partial
In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
838 CVE-2017-13682 119 Overflow 2017-10-23 2017-11-16
2.3
None Local Network Medium Single system None None Partial
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
839 CVE-2017-13675 19 DoS 2017-10-10 2017-11-05
2.3
None Local Network Medium Single system None None Partial
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
840 CVE-2017-13672 125 DoS 2017-09-01 2019-03-28
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
841 CVE-2017-13666 191 2017-08-24 2017-09-07
2.1
None Local Low Not required None None Partial
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.
842 CVE-2017-13649 264 Exec Code 2017-08-23 2017-09-03
2.1
None Local Low Not required None None Partial
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
843 CVE-2017-13290 125 2018-04-04 2018-05-09
2.1
None Local Low Not required Partial None None
In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124.
844 CVE-2017-13088 254 2017-10-17 2018-07-18
2.9
None Local Network Medium Not required None Partial None
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
845 CVE-2017-13087 254 2017-10-17 2018-05-16
2.9
None Local Network Medium Not required None Partial None
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
846 CVE-2017-13081 254 2017-10-17 2018-11-13
2.9
None Local Network Medium Not required None Partial None
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
847 CVE-2017-13080 254 2017-10-17 2018-11-13
2.9
None Local Network Medium Not required None Partial None
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
848 CVE-2017-13079 254 2017-10-17 2018-11-13
2.9
None Local Network Medium Not required None Partial None
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
849 CVE-2017-13078 254 2017-10-17 2018-11-13
2.9
None Local Network Medium Not required None Partial None
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
850 CVE-2017-12855 200 +Info 2017-08-15 2017-11-14
2.1
None Local Low Not required Partial None None
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.