| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
4951 |
CVE-2017-9049 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. |
|
4952 |
CVE-2017-9048 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
|
4953 |
CVE-2017-9047 |
119 |
|
Overflow |
2017-05-18 |
2017-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. |
|
4954 |
CVE-2017-9035 |
200 |
|
+Info |
2017-05-25 |
2017-06-01 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. |
|
4955 |
CVE-2017-9030 |
22 |
|
Dir. Trav. Bypass |
2017-05-17 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. |
|
4956 |
CVE-2017-9024 |
22 |
|
Dir. Trav. |
2017-05-21 |
2017-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. |
|
4957 |
CVE-2017-9022 |
20 |
|
DoS |
2017-06-08 |
2019-04-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
|
4958 |
CVE-2017-9000 |
200 |
|
+Info |
2018-08-06 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. |
|
4959 |
CVE-2017-8982 |
264 |
|
Bypass |
2018-02-15 |
2018-05-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. |
|
4960 |
CVE-2017-8980 |
200 |
|
+Info |
2018-02-15 |
2018-02-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. |
|
4961 |
CVE-2017-8970 |
200 |
|
+Info |
2018-02-15 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. |
|
4962 |
CVE-2017-8952 |
200 |
|
+Info |
2018-02-15 |
2018-03-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. |
|
4963 |
CVE-2017-8945 |
601 |
|
|
2018-02-15 |
2018-03-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. |
|
4964 |
CVE-2017-8929 |
416 |
|
DoS |
2017-05-14 |
2017-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. |
|
4965 |
CVE-2017-8921 |
22 |
|
Dir. Trav. |
2017-05-12 |
2017-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. |
|
4966 |
CVE-2017-8915 |
20 |
|
DoS |
2017-05-23 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. |
|
4967 |
CVE-2017-8893 |
119 |
|
DoS Overflow |
2017-07-02 |
2017-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. |
|
4968 |
CVE-2017-8868 |
22 |
|
Dir. Trav. CSRF |
2017-05-10 |
2017-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. |
|
4969 |
CVE-2017-8863 |
200 |
|
+Info |
2017-11-22 |
2017-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. |
|
4970 |
CVE-2017-8860 |
200 |
|
+Info |
2017-11-22 |
2017-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request. |
|
4971 |
CVE-2017-8855 |
284 |
|
|
2017-05-09 |
2017-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. |
|
4972 |
CVE-2017-8840 |
200 |
|
+Info |
2017-06-05 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid. |
|
4973 |
CVE-2017-8837 |
255 |
|
|
2017-06-05 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. |
|
4974 |
CVE-2017-8825 |
476 |
|
|
2017-05-08 |
2017-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses. |
|
4975 |
CVE-2017-8821 |
119 |
|
DoS Overflow |
2017-12-03 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. |
|
4976 |
CVE-2017-8820 |
476 |
|
DoS |
2017-12-03 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. |
|
4977 |
CVE-2017-8819 |
284 |
|
|
2017-12-03 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue. |
|
4978 |
CVE-2017-8815 |
20 |
|
|
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. |
|
4979 |
CVE-2017-8814 |
20 |
|
|
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." |
|
4980 |
CVE-2017-8812 |
284 |
|
|
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. |
|
4981 |
CVE-2017-8810 |
200 |
|
+Info |
2017-11-15 |
2017-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. |
|
4982 |
CVE-2017-8776 |
254 |
|
|
2017-05-04 |
2017-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. |
|
4983 |
CVE-2017-8769 |
200 |
|
+Info |
2017-05-18 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted. |
|
4984 |
CVE-2017-8700 |
284 |
|
Bypass |
2017-11-14 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". |
|
4985 |
CVE-2017-8650 |
254 |
|
Bypass |
2017-08-08 |
2017-08-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". |
|
4986 |
CVE-2017-8621 |
601 |
|
|
2017-07-11 |
2017-07-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". |
|
4987 |
CVE-2017-8585 |
20 |
|
DoS |
2017-07-11 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. |
|
4988 |
CVE-2017-8563 |
264 |
|
|
2017-07-11 |
2017-07-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability". |
|
4989 |
CVE-2017-8530 |
254 |
|
Bypass |
2017-06-14 |
2017-07-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555. |
|
4990 |
CVE-2017-8516 |
200 |
|
+Info |
2017-08-08 |
2017-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". |
|
4991 |
CVE-2017-8452 |
769 |
|
|
2017-06-16 |
2017-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. |
|
4992 |
CVE-2017-8451 |
601 |
|
|
2017-06-16 |
2017-07-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. |
|
4993 |
CVE-2017-8447 |
284 |
|
+Priv |
2017-09-28 |
2017-10-11 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. |
|
4994 |
CVE-2017-8412 |
119 |
|
Exec Code Overflow |
2019-07-02 |
2019-07-10 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack. |
|
4995 |
CVE-2017-8409 |
285 |
|
|
2019-07-02 |
2019-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. |
|
4996 |
CVE-2017-8405 |
287 |
|
|
2019-07-02 |
2019-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. |
|
4997 |
CVE-2017-8398 |
119 |
|
Overflow |
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. |
|
4998 |
CVE-2017-8397 |
119 |
|
Overflow |
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
4999 |
CVE-2017-8396 |
20 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
5000 |
CVE-2017-8395 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. |
