| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 5351 | CVE-2017-9302 | 369 | | DoS | 2017-05-29 | 2017-06-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. |
| 5352 | CVE-2017-9299 | 79 | | XSS | 2017-05-29 | 2017-11-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected. |
| 5353 | CVE-2017-9295 | 611 | | | 2017-05-29 | 2017-06-08 | 4.0 | None | Remote | Low | Single system | Partial | None | None | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. |
| 5354 | CVE-2017-9292 | 79 | | XSS | 2017-05-29 | 2017-10-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. |
| 5355 | CVE-2017-9289 | 79 | | XSS | 2017-05-29 | 2017-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). |
| 5356 | CVE-2017-9288 | 79 | | XSS | 2017-05-29 | 2017-07-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). |
| 5357 | CVE-2017-9287 | 415 | | | 2017-05-29 | 2018-01-04 | 4.0 | None | Remote | Low | Single system | None | None | Partial | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. |
| 5358 | CVE-2017-9276 | 79 | | XSS | 2018-03-02 | 2018-03-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. |
| 5359 | CVE-2017-9275 | 79 | | XSS | 2018-04-26 | 2018-06-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. |
| 5360 | CVE-2017-9268 | 275 | | DoS | 2018-03-01 | 2018-07-17 | 4.0 | None | Remote | Low | Single system | None | None | Partial | In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). |
| 5361 | CVE-2017-9262 | 119 | | DoS Overflow | 2017-05-29 | 2017-06-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. |
| 5362 | CVE-2017-9261 | 119 | | DoS Overflow | 2017-05-29 | 2017-06-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. |
| 5363 | CVE-2017-9260 | 119 | | DoS Overflow | 2017-07-27 | 2017-08-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. |
| 5364 | CVE-2017-9259 | 400 | | DoS | 2017-07-27 | 2017-08-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. |
| 5365 | CVE-2017-9252 | 79 | | XSS | 2017-05-28 | 2017-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. |
| 5366 | CVE-2017-9251 | 79 | | XSS | 2017-05-28 | 2017-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. |
| 5367 | CVE-2017-9247 | 428 | | | 2017-08-02 | 2017-08-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. |
| 5368 | CVE-2017-9244 | 79 | | XSS | 2017-08-02 | 2017-08-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card. |
| 5369 | CVE-2017-9243 | 79 | | XSS | 2017-05-28 | 2017-06-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. |
| 5370 | CVE-2017-9242 | 20 | | DoS | 2017-05-26 | 2018-01-04 | 4.9 | None | Local | Low | Not required | None | None | Complete | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. |
| 5371 | CVE-2017-9239 | 369 | | | 2017-05-26 | 2019-01-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. |
| 5372 | CVE-2017-9223 | 125 | | DoS | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. |
| 5373 | CVE-2017-9221 | 125 | | DoS | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. |
| 5374 | CVE-2017-9220 | 119 | | DoS Overflow | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. |
| 5375 | CVE-2017-9219 | 119 | | DoS Overflow | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file. |
| 5376 | CVE-2017-9218 | 125 | | DoS | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. |
| 5377 | CVE-2017-9216 | 476 | | | 2017-05-24 | 2017-06-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. |
| 5378 | CVE-2017-9211 | 476 | | DoS | 2017-05-23 | 2017-06-08 | 4.9 | None | Local | Low | Not required | None | None | Complete | The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. |
| 5379 | CVE-2017-9210 | 399 | | DoS | 2017-05-23 | 2018-05-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. |
| 5380 | CVE-2017-9209 | 399 | | DoS | 2017-05-23 | 2018-05-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. |
| 5381 | CVE-2017-9208 | 399 | | DoS | 2017-05-23 | 2018-05-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. |
| 5382 | CVE-2017-9207 | 119 | | DoS Overflow | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. |
| 5383 | CVE-2017-9206 | 119 | | DoS Overflow | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. |
| 5384 | CVE-2017-9205 | 125 | | DoS | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. |
| 5385 | CVE-2017-9204 | 125 | | DoS | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. |
| 5386 | CVE-2017-9203 | 119 | | DoS Overflow | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. |
| 5387 | CVE-2017-9202 | 369 | | DoS | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. |
| 5388 | CVE-2017-9201 | 369 | | DoS | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. |
| 5389 | CVE-2017-9147 | 125 | | DoS | 2017-05-22 | 2018-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. |
| 5390 | CVE-2017-9145 | 79 | | XSS | 2017-06-26 | 2017-07-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. |
| 5391 | CVE-2017-9144 | 20 | | | 2017-05-22 | 2017-11-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. |
| 5392 | CVE-2017-9143 | 119 | | DoS Overflow | 2017-05-22 | 2017-11-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. |
| 5393 | CVE-2017-9142 | 20 | | | 2017-05-22 | 2017-11-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. |
| 5394 | CVE-2017-9141 | 20 | | | 2017-05-22 | 2017-11-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. |
| 5395 | CVE-2017-9140 | 79 | | XSS | 2017-05-22 | 2018-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. |
| 5396 | CVE-2017-9130 | 125 | | DoS | 2017-06-21 | 2017-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. |
| 5397 | CVE-2017-9129 | 400 | | DoS | 2017-06-21 | 2017-07-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file. |
| 5398 | CVE-2017-9128 | 119 | | DoS Overflow | 2017-06-12 | 2017-06-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. |
| 5399 | CVE-2017-9127 | 119 | | DoS Overflow | 2017-06-12 | 2017-06-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. |
| 5400 | CVE-2017-9126 | 119 | | DoS Overflow | 2017-06-12 | 2017-06-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. |