CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1001004 Exec Code 2017-11-27 2017-11-27
0.0
None ??? ??? ??? ??? ??? ???
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution.
2 CVE-2017-1001003 2017-11-27 2017-11-27
0.0
None ??? ??? ??? ??? ??? ???
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
3 CVE-2017-1001002 Exec Code 2017-11-27 2017-11-27
0.0
None ??? ??? ??? ??? ??? ???
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution.
4 CVE-2017-1000410 Bypass 2017-12-07 2017-12-08
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations.

These are the specifics of this vulnerability: in the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization:

    struct l2cap_conf_efs efs;

In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable:

    ...
    case L2CAP_CONF_EFS:
        if (olen == sizeof(efs))
            memcpy(&efs, (void *)val, olen);
    ...

The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built:

    l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs);

So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs), the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).
5 CVE-2017-1000407 DoS 2017-12-11 2017-12-12
0.0
None ??? ??? ??? ??? ??? ???
The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered leading to a kernel panic.
6 CVE-2017-1000406 2017-11-30 2017-11-30
0.0
None ??? ??? ??? ??? ??? ???
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
7 CVE-2017-1000405 2017-11-30 2017-12-05
0.0
None ??? ??? ??? ??? ??? ???
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
8 CVE-2017-1000385 2017-12-12 2017-12-16
0.0
None ??? ??? ??? ??? ??? ???
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
9 CVE-2017-1000383 200 +Info 2017-10-31 2017-11-27
2.1
None Local Low Not required Partial None None
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
10 CVE-2017-1000382 200 +Info 2017-10-31 2017-11-27
2.1
None Local Low Not required Partial None None
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
11 CVE-2017-1000380 200 +Info 2017-06-17 2017-12-05
2.1
None Local Low Not required Partial None None
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
12 CVE-2017-1000369 264 Exec Code 2017-06-19 2017-11-03
2.1
None Local Low Not required None Partial None
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
13 CVE-2017-1000252 20 DoS 2017-09-26 2017-11-05
2.1
None Local Low Not required None None Partial
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
14 CVE-2017-1000249 119 Overflow 2017-09-11 2017-11-07
2.1
None Local Low Not required None Partial None
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
15 CVE-2017-1000242 200 +Info 2017-11-01 2017-11-24
2.1
None Local Low Not required Partial None None
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.
16 CVE-2017-1000214 2017-11-27 2017-11-27
0.0
None ??? ??? ??? ??? ??? ???
GitPHP by xiphux is vulnerable to OS command injection.
17 CVE-2017-1000201 20 DoS 2017-11-16 2017-12-01
2.1
None Local Low Not required None None Partial
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack.
18 CVE-2017-1000159 2017-11-27 2017-12-06
0.0
None ??? ??? ??? ??? ??? ???
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
19 CVE-2017-1000113 200 +Info 2017-10-04 2017-11-01
2.1
None Local Low Not required Partial None None
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.
20 CVE-2017-1000092 352 2017-10-04 2017-10-17
2.6
None Remote High Not required Partial None None
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.
21 CVE-2017-17718 2017-12-17 2017-12-17
0.0
None ??? ??? ??? ??? ??? ???
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby lacks SSL certificate validation.
22 CVE-2017-17717 2017-12-17 2017-12-17
0.0
None ??? ??? ??? ??? ??? ???
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
23 CVE-2017-17716 2017-12-17 2017-12-17
0.0
None ??? ??? ??? ??? ??? ???
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
24 CVE-2017-17715 Dir. Trav. 2017-12-16 2017-12-16
0.0
None ??? ??? ??? ??? ??? ???
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
25 CVE-2017-17714 XSS 2017-12-16 2017-12-16
0.0
None ??? ??? ??? ??? ??? ???
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.
26 CVE-2017-17713 Sql 2017-12-16 2017-12-16
0.0
None ??? ??? ??? ??? ??? ???
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.
27 CVE-2017-17712 Exec Code +Priv 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
28 CVE-2017-17701 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
29 CVE-2017-17700 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.
30 CVE-2017-17699 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.
31 CVE-2017-17698 XSS 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
32 CVE-2017-17697 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
33 CVE-2017-17696 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
34 CVE-2017-17695 Sql 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
35 CVE-2017-17694 XSS 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
36 CVE-2017-17693 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
37 CVE-2017-17684 2017-12-14 2017-12-14
0.0
None ??? ??? ??? ??? ??? ???
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.
38 CVE-2017-17683 2017-12-14 2017-12-14
0.0
None ??? ??? ??? ??? ??? ???
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
39 CVE-2017-17682 DoS 2017-12-14 2017-12-14
0.0
None ??? ??? ??? ??? ??? ???
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
40 CVE-2017-17681 DoS 2017-12-14 2017-12-14
0.0
None ??? ??? ??? ??? ??? ???
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
41 CVE-2017-17680 DoS 2017-12-14 2017-12-14
0.0
None ??? ??? ??? ??? ??? ???
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
42 CVE-2017-17672 Exec Code 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
43 CVE-2017-17671 Exec Code Dir. Trav. 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
44 CVE-2017-17670 2017-12-15 2017-12-15
0.0
None ??? ??? ??? ??? ??? ???
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
45 CVE-2017-17669 DoS 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
46 CVE-2017-17665 Bypass 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
47 CVE-2017-17664 2017-12-13 2017-12-16
0.0
None ??? ??? ??? ??? ??? ???
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
48 CVE-2017-17648 Sql 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
49 CVE-2017-17642 Sql 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.
50 CVE-2017-17641 Sql 2017-12-13 2017-12-13
0.0
None ??? ??? ??? ??? ??? ???
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
Total number of vulnerabilities: 5183 (page 1 of 104)