| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
651 |
CVE-2017-6705 |
200 |
|
+Info |
2017-07-03 |
2017-07-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. |
|
652 |
CVE-2017-6696 |
200 |
|
+Info |
2017-06-13 |
2017-06-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). |
|
653 |
CVE-2017-6695 |
200 |
|
+Info |
2017-06-13 |
2017-06-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. |
|
654 |
CVE-2017-6694 |
200 |
|
+Info |
2017-06-13 |
2017-06-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. |
|
655 |
CVE-2017-6693 |
264 |
|
|
2017-06-13 |
2017-06-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1). |
|
656 |
CVE-2017-6505 |
20 |
|
DoS |
2017-03-15 |
2018-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. |
|
657 |
CVE-2017-6459 |
119 |
|
Overflow |
2017-03-27 |
2017-10-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. |
|
658 |
CVE-2017-6404 |
284 |
|
|
2017-03-02 |
2017-03-06 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. |
|
659 |
CVE-2017-6355 |
190 |
|
DoS Overflow |
2017-03-09 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access. |
|
660 |
CVE-2017-6288 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288. |
|
661 |
CVE-2017-6287 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287. |
|
662 |
CVE-2017-6285 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285. |
|
663 |
CVE-2017-6284 |
326 |
|
|
2018-03-06 |
2018-03-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. |
|
664 |
CVE-2017-6210 |
476 |
|
DoS |
2017-03-15 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero). |
|
665 |
CVE-2017-6209 |
119 |
|
DoS Overflow |
2017-03-15 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties. |
|
666 |
CVE-2017-6161 |
400 |
|
Bypass |
2017-10-27 |
2017-11-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. |
|
667 |
CVE-2017-6152 |
264 |
|
|
2018-03-08 |
2018-03-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. |
|
668 |
CVE-2017-6076 |
200 |
|
+Info |
2017-02-23 |
2017-03-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. |
|
669 |
CVE-2017-5994 |
119 |
|
DoS Overflow |
2017-03-15 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter. |
|
670 |
CVE-2017-5987 |
399 |
|
DoS |
2017-03-20 |
2018-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. |
|
671 |
CVE-2017-5985 |
264 |
|
|
2017-03-14 |
2018-09-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. |
|
672 |
CVE-2017-5973 |
399 |
|
DoS |
2017-03-27 |
2018-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. |
|
673 |
CVE-2017-5969 |
476 |
|
DoS |
2017-04-11 |
2017-11-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." |
|
674 |
CVE-2017-5967 |
200 |
|
+Info |
2017-02-14 |
2017-03-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. |
|
675 |
CVE-2017-5957 |
119 |
|
DoS Overflow |
2017-03-14 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. |
|
676 |
CVE-2017-5956 |
125 |
|
DoS |
2017-03-20 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index. |
|
677 |
CVE-2017-5937 |
476 |
|
DoS |
2017-03-15 |
2017-03-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command. |
|
678 |
CVE-2017-5898 |
20 |
|
DoS Overflow |
2017-03-15 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. |
|
679 |
CVE-2017-5786 |
284 |
|
|
2018-02-15 |
2018-03-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14 |
|
680 |
CVE-2017-5704 |
255 |
|
|
2018-07-10 |
2018-09-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. |
|
681 |
CVE-2017-5699 |
20 |
|
DoS |
2018-01-17 |
2018-02-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs. |
|
682 |
CVE-2017-5695 |
20 |
|
DoS |
2017-08-09 |
2017-08-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors. |
|
683 |
CVE-2017-5692 |
125 |
|
DoS |
2018-08-01 |
2018-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack. |
|
684 |
CVE-2017-5686 |
284 |
|
|
2017-04-03 |
2017-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. |
|
685 |
CVE-2017-5685 |
284 |
|
|
2017-04-03 |
2017-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. |
|
686 |
CVE-2017-5684 |
284 |
|
|
2017-04-03 |
2017-04-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. |
|
687 |
CVE-2017-5670 |
200 |
|
+Info |
2017-04-04 |
2017-05-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. |
|
688 |
CVE-2017-5667 |
399 |
|
DoS Exec Code |
2017-03-16 |
2018-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. |
|
689 |
CVE-2017-5625 |
476 |
|
|
2017-04-25 |
2017-05-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command. |
|
690 |
CVE-2017-5595 |
200 |
|
+Info File Inclusion |
2017-02-06 |
2017-02-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. |
|
691 |
CVE-2017-5580 |
119 |
|
DoS Overflow |
2017-03-15 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction. |
|
692 |
CVE-2017-5550 |
200 |
|
+Info |
2017-02-06 |
2017-02-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. |
|
693 |
CVE-2017-5549 |
532 |
|
+Info |
2017-02-06 |
2018-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. |
|
694 |
CVE-2017-5387 |
538 |
|
|
2018-06-11 |
2018-08-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51. |
|
695 |
CVE-2017-5223 |
200 |
|
+Info |
2017-01-16 |
2017-10-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. |
|
696 |
CVE-2017-5201 |
200 |
|
+Info |
2017-11-09 |
2017-11-29 |
2.7 |
None |
Local Network |
Low |
Single system |
Partial |
None |
None |
|
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. |
|
697 |
CVE-2017-5153 |
532 |
|
|
2017-02-13 |
2017-03-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. |
|
698 |
CVE-2017-5107 |
200 |
|
+Info |
2017-10-27 |
2018-01-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. |
|
699 |
CVE-2017-5084 |
284 |
|
|
2017-10-27 |
2017-11-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. |
|
700 |
CVE-2017-5082 |
200 |
|
+Info |
2017-10-27 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. |
