CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2017

Each entry below gives the listing index, CVE ID, CWE ID (where one is assigned), the site's vulnerability type label (where one is assigned), publish and update dates, then the CVSS score with its gained-access level, access vector, access complexity, authentication requirement and confidentiality/integrity/availability impacts, followed by the description. No public exploit count is listed for any entry on this page.

1001. CVE-2017-3184 | CWE-798 | Type: DoS | Published 2017-12-15 | Updated 2019-10-09
CVSS 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This allows an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).

1002. CVE-2017-3114 | CWE-125 | Published 2017-12-09 | Updated 2017-12-21
CVSS 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data past the end of the target buffer; the computation is part of providing language-, region- or country-specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

1003. CVE-2017-3112 | CWE-125 | Published 2017-12-09 | Updated 2018-01-09
CVSS 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data past the end of the target buffer; the computation is part of AdobePSDK metadata handling. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

1004. CVE-2017-3111 | CWE-200 | Type: +Info | Published 2017-12-09 | Updated 2017-12-14
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in HTTP GET requests under certain circumstances.

1005. CVE-2017-3109 | CWE-79 | Type: XSS | Published 2017-12-09 | Updated 2017-12-14
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.

1006. CVE-2017-3105 | CWE-601 | Published 2017-12-01 | Updated 2017-12-14
CVSS 5.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
Adobe RoboHelp has an open redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

1007. CVE-2017-3104 | CWE-79 | Type: XSS | Published 2017-12-01 | Updated 2017-12-14
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

1008. CVE-2017-2886 | CWE-787 | Type: Exec Code, Mem. Corr. | Published 2017-12-11 | Updated 2017-12-27
CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out-of-bounds write resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.

1009. CVE-2017-1760 | Published 2017-12-11 | Updated 2019-10-02
CVSS 3.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: Partial
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.

1010. CVE-2017-1757 | CWE-89 | Type: SQL | Published 2017-12-20 | Updated 2018-01-03
CVSS 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.

1011. CVE-2017-1751 | CWE-79 | Type: XSS | Published 2017-12-20 | Updated 2018-01-05
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546.

1012. CVE-2017-1746 | CWE-352 | Type: CSRF | Published 2017-12-20 | Updated 2018-01-05
CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.

1013. CVE-2017-1716 | CWE-732 | Published 2017-12-13 | Updated 2019-10-02
CVSS 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.

1014. CVE-2017-1698 | CWE-200 | Type: +Info | Published 2017-12-27 | Updated 2018-01-09
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information in an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

1015. CVE-2017-1696 | CWE-20 | Type: Exec Code | Published 2017-12-20 | Updated 2018-01-05
CVSS 9.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Complete | Integ: Complete | Avail: Complete
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.

1016. CVE-2017-1694 | CWE-319 | Published 2017-12-20 | Updated 2019-10-02
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text, which can be read by an attacker using man-in-the-middle techniques. IBM X-Force ID: 134165.

1017. CVE-2017-1683 | CWE-79 | Type: XSS | Published 2017-12-11 | Updated 2017-12-26
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.

1018. CVE-2017-1635 | CWE-416 | Type: Exec Code | Published 2017-12-13 | Updated 2017-12-27
CVSS 5.2 | Gained access: None | Access: Local Network | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.

1019. CVE-2017-1632 | CWE-79 | Type: XSS | Published 2017-12-11 | Updated 2017-12-26
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.

1020. CVE-2017-1631 | CWE-352 | Type: CSRF | Published 2017-12-20 | Updated 2018-01-05
CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.

1021. CVE-2017-1613 | CWE-200 | Type: +Info | Published 2017-12-11 | Updated 2017-12-26
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.

1022. CVE-2017-1606 | CWE-89 | Type: SQL | Published 2017-12-11 | Updated 2017-12-26
CVSS 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.

1023. CVE-2017-1600 | CWE-79 | Type: XSS | Published 2017-12-20 | Updated 2018-01-03
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.

1024. CVE-2017-1598 | CWE-327 | Published 2017-12-20 | Updated 2019-10-02
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.

1025. CVE-2017-1596 | CWE-200 | Type: +Info | Published 2017-12-20 | Updated 2018-01-03
CVSS 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.

1026. CVE-2017-1595 | CWE-200 | Type: +Info | Published 2017-12-20 | Updated 2018-01-03
CVSS 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.

1027. CVE-2017-1558 | CWE-601 | Type: +Info | Published 2017-12-13 | Updated 2017-12-27
CVSS 5.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks using an open redirect. By persuading a victim to visit a specially crafted web site, a remote attacker could exploit this vulnerability to spoof the URL displayed and redirect a user to a malicious web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.

1028. CVE-2017-1550 | Published 2017-12-11 | Updated 2019-10-02
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290.

1029. CVE-2017-1549 | CWE-79 | Type: XSS | Published 2017-12-11 | Updated 2017-12-20
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.

1030. CVE-2017-1548 | CWE-22 | Type: Dir. Trav. | Published 2017-12-11 | Updated 2017-12-20
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.

1031. CVE-2017-1546 | CWE-79 | Type: XSS | Published 2017-12-13 | Updated 2017-12-27
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.

1032. CVE-2017-1536 | CWE-79 | Type: XSS | Published 2017-12-11 | Updated 2017-12-27
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.

1033. CVE-2017-1507 | CWE-200 | Type: +Info | Published 2017-12-11 | Updated 2017-12-26
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

1034. CVE-2017-1498 | CWE-79 | Type: XSS | Published 2017-12-07 | Updated 2017-12-19
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020.

1035. CVE-2017-1497 | CWE-200 | Type: +Info | Published 2017-12-07 | Updated 2017-12-18
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to, provided they know the directory location of the file. IBM X-Force ID: 128695.

1036. CVE-2017-1494 | CWE-79 | Type: XSS | Published 2017-12-20 | Updated 2019-04-26
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.

1037. CVE-2017-1487 | CWE-200 | Type: +Info | Published 2017-12-07 | Updated 2017-12-18
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login IDs on the system. IBM X-Force ID: 128626.

1038. CVE-2017-1482 | CWE-79 | Type: XSS | Published 2017-12-07 | Updated 2017-12-19
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620.

1039. CVE-2017-1481 | CWE-200 | Type: +Info | Published 2017-12-07 | Updated 2017-12-19
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619.

1040. CVE-2017-1465 | CWE-79 | Type: XSS | Published 2017-12-07 | Updated 2017-12-19
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464.

1041. CVE-2017-1433 | Published 2017-12-07 | Updated 2019-10-02
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel, which would cause it to restart. IBM X-Force ID: 127803.

1042. CVE-2017-1423 | CWE-200 | Type: +Info | Published 2017-12-20 | Updated 2018-01-05
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for use by the Web Application Bridge component. IBM X-Force ID: 127476.

1043. CVE-2017-1421 | CWE-79 | Type: XSS | Published 2017-12-13 | Updated 2017-12-26
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

1044. CVE-2017-1365 | CWE-79 | Type: XSS | Published 2017-12-27 | Updated 2018-01-17
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Team Concert (RTC, including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126858.

1045. CVE-2017-1356 | CWE-89 | Type: SQL | Published 2017-12-07 | Updated 2017-12-19
CVSS 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.

1046. CVE-2017-1355 | CWE-200 | Type: +Info | Published 2017-12-07 | Updated 2017-12-19
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the Referer header or browser history. IBM X-Force ID: 126682.

1047. CVE-2017-1354 | CWE-79 | Type: XSS | Published 2017-12-07 | Updated 2017-12-19
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681.

1048. CVE-2017-1353 | CWE-200 | Type: +Info | Published 2017-12-07 | Updated 2017-12-19
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680.

1049. CVE-2017-1342 | CWE-200 | Type: +Info | Published 2017-12-07 | Updated 2017-12-19
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457.

1050. CVE-2017-1341 | Published 2017-12-07 | Updated 2019-10-02
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object to which they should have been denied access. IBM X-Force ID: 126456.
Total number of vulnerabilities: 1111 (this is page 21 of 23).