| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
5951 |
CVE-2017-1225 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904. |
|
5952 |
CVE-2017-1224 |
326 |
|
|
2017-07-19 |
2017-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. |
|
5953 |
CVE-2017-1223 |
601 |
|
+Info |
2017-07-19 |
2017-07-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. |
|
5954 |
CVE-2017-1221 |
255 |
|
|
2017-11-13 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. |
|
5955 |
CVE-2017-1220 |
200 |
|
+Info |
2017-10-26 |
2017-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. |
|
5956 |
CVE-2017-1219 |
611 |
|
|
2017-07-19 |
2017-07-25 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. |
|
5957 |
CVE-2017-1210 |
20 |
|
|
2017-10-24 |
2017-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. |
|
5958 |
CVE-2017-1197 |
255 |
|
|
2017-06-15 |
2017-06-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. |
|
5959 |
CVE-2017-1196 |
254 |
|
|
2017-06-07 |
2017-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. |
|
5960 |
CVE-2017-1195 |
601 |
|
+Info |
2017-08-29 |
2017-09-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. |
|
5961 |
CVE-2017-1183 |
89 |
|
Sql |
2017-07-17 |
2017-07-20 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. |
|
5962 |
CVE-2017-1182 |
77 |
|
Exec Code |
2017-07-17 |
2017-07-20 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493. |
|
5963 |
CVE-2017-1162 |
200 |
|
+Info |
2017-09-12 |
2017-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. |
|
5964 |
CVE-2017-1148 |
200 |
|
+Info |
2017-11-01 |
2017-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. |
|
5965 |
CVE-2017-1126 |
200 |
|
+Info |
2017-10-03 |
2017-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. |
|
5966 |
CVE-2017-1118 |
254 |
|
|
2017-08-02 |
2017-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker to cause the MQIPT to stop responding due to an incorrectly configured security policy. IBM X-Force ID: 121156. |
|
5967 |
CVE-2017-1082 |
20 |
|
Overflow |
2018-09-12 |
2018-11-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern. |
|
5968 |
CVE-2017-0929 |
918 |
|
|
2018-07-03 |
2018-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. |
|
5969 |
CVE-2017-0922 |
285 |
|
Bypass |
2018-03-21 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. |
|
5970 |
CVE-2017-0919 |
306 |
|
Bypass |
2018-07-03 |
2018-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. |
|
5971 |
CVE-2017-0914 |
89 |
|
Sql |
2018-03-21 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. |
|
5972 |
CVE-2017-0911 |
255 |
|
|
2018-02-09 |
2018-03-14 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service. |
|
5973 |
CVE-2017-0900 |
20 |
|
DoS |
2017-08-31 |
2019-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |
|
5974 |
CVE-2017-0897 |
331 |
|
Exec Code |
2017-06-22 |
2017-07-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. |
|
5975 |
CVE-2017-0883 |
275 |
|
|
2017-04-05 |
2018-12-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for. |
|
5976 |
CVE-2017-0851 |
200 |
|
+Info |
2017-11-16 |
2017-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570. |
|
5977 |
CVE-2017-0850 |
200 |
|
+Info |
2017-11-16 |
2017-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. |
|
5978 |
CVE-2017-0849 |
200 |
|
+Info |
2017-11-16 |
2017-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. |
|
5979 |
CVE-2017-0848 |
200 |
|
+Info |
2017-11-16 |
2017-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. |
|
5980 |
CVE-2017-0846 |
200 |
|
+Info |
2018-01-12 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810. |
|
5981 |
CVE-2017-0845 |
284 |
|
DoS |
2017-11-16 |
2017-11-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. |
|
5982 |
CVE-2017-0840 |
200 |
|
+Info |
2017-11-16 |
2017-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670. |
|
5983 |
CVE-2017-0839 |
200 |
|
+Info |
2017-11-16 |
2017-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003. |
|
5984 |
CVE-2017-0825 |
200 |
|
+Info |
2017-10-03 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. |
|
5985 |
CVE-2017-0823 |
200 |
|
+Info |
2017-10-03 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. |
|
5986 |
CVE-2017-0817 |
200 |
|
+Info |
2017-10-03 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430. |
|
5987 |
CVE-2017-0813 |
264 |
|
DoS |
2017-10-03 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. |
|
5988 |
CVE-2017-0808 |
200 |
|
+Info |
2017-10-03 |
2017-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. |
|
5989 |
CVE-2017-0791 |
264 |
|
|
2017-09-08 |
2017-09-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. |
|
5990 |
CVE-2017-0790 |
264 |
|
|
2017-09-08 |
2017-09-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. |
|
5991 |
CVE-2017-0789 |
264 |
|
|
2017-09-08 |
2017-09-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. |
|
5992 |
CVE-2017-0788 |
264 |
|
|
2017-09-08 |
2017-09-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. |
|
5993 |
CVE-2017-0787 |
264 |
|
|
2017-09-08 |
2017-09-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. |
|
5994 |
CVE-2017-0786 |
264 |
|
|
2017-09-08 |
2017-09-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. |
|
5995 |
CVE-2017-0784 |
264 |
|
|
2017-09-08 |
2017-09-15 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. |
|
5996 |
CVE-2017-0748 |
200 |
|
+Info |
2018-04-05 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798. |
|
5997 |
CVE-2017-0603 |
399 |
|
DoS |
2017-05-12 |
2017-05-19 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994. |
|
5998 |
CVE-2017-0497 |
284 |
|
DoS |
2017-03-07 |
2017-07-17 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701. |
|
5999 |
CVE-2017-0379 |
200 |
|
+Info |
2017-08-29 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. |
|
6000 |
CVE-2017-0377 |
200 |
|
+Info |
2017-07-02 |
2017-07-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. |
