CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12551 CVE-2017-3214 312 2017-06-20 2020-05-21
5.0
None Remote Low Not required Partial None None
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
12552 CVE-2017-3211 200 +Info 2020-01-15 2020-01-22
5.0
None Remote Low Not required Partial None None
Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.
12553 CVE-2017-3192 522 Bypass 2017-12-16 2019-10-09
5.0
None Remote Low Not required Partial None None
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
12554 CVE-2017-3191 20 Bypass 2017-12-16 2019-10-09
5.0
None Remote Low Not required Partial None None
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
12555 CVE-2017-3185 200 +Info 2017-12-16 2019-10-09
5.0
None Remote Low Not required Partial None None
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
12556 CVE-2017-3164 918 2019-03-08 2020-12-09
5.0
None Remote Low Not required Partial None None
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
12557 CVE-2017-3163 22 Dir. Trav. 2017-08-30 2018-05-17
5.0
None Remote Low Not required Partial None None
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
12558 CVE-2017-3160 2018-02-01 2020-04-15
5.8
None Remote Medium Not required Partial Partial None
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip
12559 CVE-2017-3156 2017-08-10 2021-06-16
5.0
None Remote Low Not required Partial None None
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
12560 CVE-2017-3154 200 +Info 2017-08-29 2017-09-06
5.0
None Remote Low Not required Partial None None
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
12561 CVE-2017-3145 416 2019-01-16 2019-10-09
5.0
None Remote Low Not required None None Partial
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
12562 CVE-2017-3144 400 2019-01-16 2020-01-09
5.0
None Remote Low Not required None None Partial
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
12563 CVE-2017-3139 617 DoS 2019-04-09 2021-05-14
5.0
None Remote Low Not required None None Partial
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
12564 CVE-2017-3137 617 2019-01-16 2019-10-09
5.0
None Remote Low Not required None None Partial
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
12565 CVE-2017-3130 200 +Info 2017-08-10 2017-08-21
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
12566 CVE-2017-3126 601 Exec Code 2017-05-27 2017-07-08
5.8
None Remote Medium Not required Partial Partial None
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
12567 CVE-2017-3111 200 +Info 2017-12-09 2017-12-14
5.0
None Remote Low Not required Partial None None
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
12568 CVE-2017-3110 200 +Info 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
12569 CVE-2017-3107 200 +Info 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
12570 CVE-2017-3105 601 2017-12-01 2017-12-14
5.8
None Remote Medium Not required Partial Partial None
Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.
12571 CVE-2017-3101 2017-07-17 2019-10-03
5.0
None Remote Low Not required None Partial None
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.
12572 CVE-2017-3100 119 Overflow Mem. Corr. 2017-07-17 2019-10-03
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.
12573 CVE-2017-3091 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
12574 CVE-2017-3087 200 +Info 2017-06-20 2017-07-08
5.0
None Remote Low Not required Partial None None
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
12575 CVE-2017-3085 200 Bypass +Info 2017-08-11 2018-01-05
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
12576 CVE-2017-3080 200 Bypass +Info 2017-07-17 2018-01-05
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
12577 CVE-2017-3067 200 +Info 2017-05-09 2017-07-08
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.
12578 CVE-2017-3009 125 Overflow 2017-03-31 2019-10-03
5.0
None Remote Low Not required Partial None None
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.
12579 CVE-2017-3000 200 +Info 2017-03-14 2018-01-05
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
12580 CVE-2017-2981 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12581 CVE-2017-2980 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12582 CVE-2017-2979 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12583 CVE-2017-2978 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12584 CVE-2017-2977 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12585 CVE-2017-2976 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12586 CVE-2017-2975 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12587 CVE-2017-2974 125 2017-02-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
12588 CVE-2017-2893 476 DoS 2017-11-07 2017-11-28
5.0
None Remote Low Not required None None Partial
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
12589 CVE-2017-2881 20 2017-11-07 2017-11-27
5.8
None Local Network Low Not required Partial Partial Partial
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.
12590 CVE-2017-2874 200 +Info 2018-09-17 2018-11-20
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.
12591 CVE-2017-2871 287 2018-04-17 2018-05-22
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.
12592 CVE-2017-2861 125 DoS 2018-04-05 2018-06-21
5.0
None Remote Low Not required None None Partial
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
12593 CVE-2017-2860 125 DoS 2018-06-01 2018-07-05
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
12594 CVE-2017-2858 125 DoS 2018-06-01 2018-07-03
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
12595 CVE-2017-2852 125 DoS 2018-06-01 2018-07-03
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
12596 CVE-2017-2831 119 Overflow 2017-06-21 2017-06-27
5.0
None Remote Low Not required None Partial None
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
12597 CVE-2017-2830 119 Overflow 2017-06-21 2017-06-27
5.0
None Remote Low Not required None Partial None
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
12598 CVE-2017-2815 611 DoS 2018-05-15 2018-06-19
5.5
None Remote Low ??? Partial None Partial
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.
12599 CVE-2017-2786 125 DoS 2017-03-10 2017-03-14
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service.
12600 CVE-2017-2748 254 2019-03-27 2019-03-29
5.0
None Remote Low Not required Partial None None
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
Total number of vulnerabilities : 22711   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 (This Page)253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.