CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2017-11301 119 Overflow Mem. Corr. 2017-12-09 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
852 CVE-2017-11300 119 Overflow Mem. Corr. 2017-12-09 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
853 CVE-2017-11299 119 Overflow Mem. Corr. 2017-12-09 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
854 CVE-2017-11298 119 Overflow Mem. Corr. 2017-12-09 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
855 CVE-2017-11297 119 Overflow Mem. Corr. 2017-12-09 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
856 CVE-2017-11296 79 XSS 2017-12-09 2017-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
857 CVE-2017-11295 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
858 CVE-2017-11294 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-26
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
859 CVE-2017-11293 119 Exec Code Overflow Mem. Corr. 2017-12-09 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
860 CVE-2017-11291 918 Bypass 2017-12-09 2017-12-14
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
861 CVE-2017-11290 1021 2017-12-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.
862 CVE-2017-11289 79 XSS 2017-12-09 2017-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
863 CVE-2017-11288 79 XSS 2017-12-09 2017-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
864 CVE-2017-11287 79 XSS 2017-12-09 2017-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
865 CVE-2017-11286 611 2017-12-01 2017-12-14
5.0
None Remote Low Not required Partial None None
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
866 CVE-2017-11285 79 XSS 2017-12-01 2017-12-14
4.3
None Remote Medium Not required None Partial None
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
867 CVE-2017-11284 502 2017-12-01 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
868 CVE-2017-11283 502 2017-12-01 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
869 CVE-2017-11282 119 Exec Code Overflow Mem. Corr. 2017-12-01 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
870 CVE-2017-11281 119 Exec Code Overflow Mem. Corr. 2017-12-01 2017-12-14
7.5
None Remote Low Not required Partial Partial Partial
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
871 CVE-2017-11273 200 +Info 2017-12-09 2017-12-14
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.
872 CVE-2017-11225 416 Exec Code Mem. Corr. +Info 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
873 CVE-2017-11215 416 Exec Code Mem. Corr. +Info 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
874 CVE-2017-11213 125 Overflow 2017-12-09 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
875 CVE-2017-11049 119 Overflow 2017-12-05 2017-12-19
4.4
None Local Medium Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow.
876 CVE-2017-11047 119 Overflow 2017-12-05 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory.
877 CVE-2017-11045 416 2017-12-05 2017-12-19
4.4
None Local Medium Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.
878 CVE-2017-11044 416 2017-12-05 2017-12-19
4.4
None Local Medium Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.
879 CVE-2017-11043 190 Overflow 2017-12-05 2019-04-29
9.3
None Remote Medium Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.
880 CVE-2017-11042 862 2017-12-05 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.
881 CVE-2017-11033 416 2017-12-05 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer.
882 CVE-2017-11031 416 2017-12-05 2017-12-19
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.
883 CVE-2017-11030 119 Overflow 2017-12-05 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory.
884 CVE-2017-11019 119 Overflow 2017-12-05 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence.
885 CVE-2017-11016 404 2017-12-05 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared.
886 CVE-2017-11007 119 Overflow 2017-12-05 2017-12-15
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.
887 CVE-2017-11006 416 2017-12-05 2017-12-15
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.
888 CVE-2017-11005 416 2017-12-05 2017-12-15
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.
889 CVE-2017-10959 416 Exec Code 2017-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.
890 CVE-2017-10958 416 Exec Code 2017-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980.
891 CVE-2017-10957 416 Exec Code 2017-12-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.
892 CVE-2017-10956 125 Exec Code 2017-12-20 2019-10-09
4.3
None Remote Medium Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978.
893 CVE-2017-10910 674 2017-12-27 2019-10-02
4.0
None Remote Low Single system None None Partial
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.
894 CVE-2017-10909 426 +Priv 2017-12-22 2018-01-09
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
895 CVE-2017-10908 20 DoS 2017-12-22 2018-01-04
5.0
None Remote Low Not required None None Partial
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
896 CVE-2017-10907 22 Dir. Trav. 2017-12-22 2018-01-09
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
897 CVE-2017-10906 Exec Code 2017-12-08 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
898 CVE-2017-10905 2017-12-15 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
899 CVE-2017-10904 78 Exec Code 2017-12-15 2017-12-28
7.5
None Remote Low Not required Partial Partial Partial
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
900 CVE-2017-10903 287 2017-12-01 2017-12-12
10.0
None Remote Low Not required Complete Complete Complete
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.
Total number of vulnerabilities : 1111   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.