| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 17401 | CVE-2017-1000381 | 200 | | +Info | 2017-07-07 | 2017-07-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed-in DNS response packet was crafted in a particular way. |
| 17402 | CVE-2017-1000380 | 200 | | +Info | 2017-06-17 | 2017-12-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver, allowing local users to read information belonging to other users: uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. |
| 17403 | CVE-2017-1000377 | 119 | | Overflow Bypass | 2017-06-19 | 2017-07-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in the size of the default stack guard page on PaX Linux (originally from grsecurity but shipped by other Linux vendors): the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects PaX Linux kernel versions as of June 19, 2017 (specific version information is not available at this time). |
| 17404 | CVE-2017-1000376 | 119 | | Exec Code Overflow | 2017-06-19 | 2019-04-26 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | libffi requests an executable stack, allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1, but this appears to be incorrect: libffi prior to version 3.1 on 32-bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. |
| 17405 | CVE-2017-1000373 | 400 | | Exec Code | 2017-06-19 | 2017-10-23 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | The OpenBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and to manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. |
| 17406 | CVE-2017-1000369 | 404 | | Exec Code | 2017-06-19 | 2019-10-02 | 2.1 | None | Local | Low | Not required | None | Partial | None | Exim supports the use of multiple "-p" command line arguments, which are malloc()'ed and never free()'ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects Exim version 4.89 and earlier. Upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known at this time whether a new point release addressing this issue is available. |
| 17407 | CVE-2017-1000367 | 362 | | Exec Code | 2017-06-05 | 2019-10-02 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation flaw (embedded spaces) in the get_process_ttyname() function, resulting in information disclosure and command execution. |
| 17408 | CVE-2017-1000364 | 119 | | Overflow Bypass | 2017-06-19 | 2018-10-18 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects Linux kernel versions 4.11.5 and earlier (the stack guard page was introduced in 2010). |
| 17409 | CVE-2017-1000362 | 200 | | +Info | 2017-07-17 | 2017-07-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory containing all old secrets and the key used to encrypt them. These backups were world-readable and were not removed afterwards. Jenkins now deletes the backup directory if present, and upgrading from before 1.498 no longer creates a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups and delete it if present. |
| 17410 | CVE-2017-1000361 | | | | 2017-04-24 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight: the controller raises exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: the tested versions are OpenDaylight 3.3 and 4.0. |
| 17411 | CVE-2017-1000360 | 476 | | | 2017-04-24 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql: the controller raises exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: the tested versions are OpenDaylight 3.3 and 4.0. |
| 17412 | CVE-2017-1000359 | 400 | | | 2017-04-24 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Java out-of-memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: the tested versions are OpenDaylight 3.3 and 4.0. |
| 17413 | CVE-2017-1000358 | 476 | | | 2017-04-24 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | None | Partial | The controller throws an exception and does not allow the user to add a subsequent flow for a particular switch. Component: the OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw. |
| 17414 | CVE-2017-1000357 | 400 | | DoS | 2017-04-24 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Denial of service when the switch refuses to receive packets from the controller. Component: this vulnerability affects OpenDaylight odl-l2switch-switch, the feature responsible for OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91. |
| 17415 | CVE-2017-1000356 | 352 | | | 2018-01-29 | 2018-02-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to an issue in the Jenkins user database authentication realm: an attacker can create an account if signup is enabled, or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. |
| 17416 | CVE-2017-1000355 | 502 | | | 2018-01-29 | 2018-02-15 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to a Java crash in XStream when trying to instantiate void/Void. |
| 17417 | CVE-2017-1000354 | 287 | | | 2018-01-29 | 2018-02-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to a login command that allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins and download their encrypted values (e.g. with Job/Configure permission) were able to impersonate any other Jenkins user on the same instance. |
| 17418 | CVE-2017-1000257 | 119 | | Overflow | 2017-10-31 | 2018-11-13 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An IMAP FETCH response line indicates the size of the returned data in bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existent) data, with a pointer and the size (zero), to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. strlen() is called on a heap-based buffer that might not be zero-terminated, so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it had actually been downloaded. |
| 17419 | CVE-2017-1000256 | 295 | | | 2017-10-31 | 2019-09-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | libvirt version 2.3.0 and later is vulnerable to a bad default configuration, "verify-peer=no", passed to QEMU by libvirt, resulting in a failure to validate SSL/TLS certificates by default. |
| 17420 | CVE-2017-1000255 | 787 | | | 2017-10-30 | 2018-04-10 | 6.6 | None | Local | Low | Not required | None | Complete | Complete | On Linux running on PowerPC hardware (Power8 or later), a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt) and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been overwritten. This flaw was introduced in commit 5d176f751ee3 ("powerpc: tm: Enable transactional memory (TM) lazily for userspace"), which was merged upstream into v4.9-rc1. Kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. |
| 17421 | CVE-2017-1000254 | 119 | | Overflow | 2017-10-06 | 2018-11-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libcurl may read outside of a heap-allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymously or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path inside double quotes. The returned path name is then kept by libcurl for subsequent use. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl later accesses the string, it could read beyond the allocated heap buffer and crash, or wrongly access data beyond the buffer thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it: the PWD command is always issued on new FTP connections, and the mistake has a high chance of causing a segfault. The simple fact that this issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero-terminates the string but also rejects it if not terminated properly with a final double quote. |
| 17422 | CVE-2017-1000252 | 20 | | DoS | 2017-09-26 | 2019-10-02 | 2.1 | None | Local | Low | Not required | None | None | Partial | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. |
| 17423 | CVE-2017-1000250 | 200 | | +Info | 2017-09-12 | 2018-02-16 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. |
| 17424 | CVE-2017-1000249 | 119 | | Overflow | 2017-09-11 | 2017-11-07 | 2.1 | None | Local | Low | Not required | None | Partial | None | An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). |
| 17425 | CVE-2017-1000247 | 20 | | | 2017-11-16 | 2017-12-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP header injection in the set_status_header() common function when running under Apache. |
| 17426 | CVE-2017-1000246 | 330 | | | 2017-11-16 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
| 17427 | CVE-2017-1000245 | 522 | | | 2017-11-01 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. |
| 17428 | CVE-2017-1000244 | 352 | | CSRF | 2017-11-01 | 2019-05-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF, resulting in data modification. |
| 17429 | CVE-2017-1000243 | 732 | | | 2017-11-01 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. |
| 17430 | CVE-2017-1000242 | 200 | | +Info | 2017-11-01 | 2017-11-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure. |
| 17431 | CVE-2017-1000241 | 269 | | | 2017-11-16 | 2019-10-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The application OpenEMR version 5.0.0, 5.0.1-dev, and prior is affected by a vertical privilege escalation vulnerability, which can allow authenticated non-administrator users to view and modify information accessible only to administrators. |
| 17432 | CVE-2017-1000240 | 79 | | XSS | 2017-11-16 | 2017-11-30 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The application OpenEMR is affected by multiple reflected and stored cross-site scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. |
| 17433 | CVE-2017-1000239 | 79 | | XSS | 2017-11-16 | 2017-11-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script that is executed in the browsers of users who visit the manipulated site. |
| 17434 | CVE-2017-1000238 | 434 | | | 2017-11-16 | 2017-11-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | InvoicePlane version 1.4.10 is vulnerable to arbitrary file upload: an authenticated user can upload a malicious file to the webserver, and it is possible for an attacker to upload a script able to compromise the webserver. |
| 17435 | CVE-2017-1000236 | 79 | | XSS | 2017-11-16 | 2017-11-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | I, Librarian versions <=4.6 and 4.7 are vulnerable to reflected cross-site scripting in temp.php, allowing an attacker to inject malicious client-side scripting that is executed in the browsers of users who visit the manipulated site. |
| 17436 | CVE-2017-1000234 | 200 | | +Info | 2017-11-16 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | I, Librarian versions <=4.6 and 4.7 are vulnerable to directory enumeration in jqueryFileTree.php, allowing an attacker to enumerate directories simply by navigating through the "dir" parameter. |
| 17437 | CVE-2017-1000230 | 20 | | DoS | 2017-11-17 | 2017-12-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, resulting in a denial of service. |
| 17438 | CVE-2017-1000229 | 190 | | DoS Exec Code Overflow | 2017-11-17 | 2019-05-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An integer overflow bug in the function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause a denial of service. |
| 17439 | CVE-2017-1000227 | 79 | | XSS | 2017-11-17 | 2019-08-24 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Stored XSS in the Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can. |
| 17440 | CVE-2017-1000226 | 200 | | +Info | 2017-11-17 | 2017-12-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Stop User Enumeration 1.3.8 allows user enumeration via the REST API. |
| 17441 | CVE-2017-1000225 | 79 | | XSS | 2017-11-17 | 2017-12-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can. |
| 17442 | CVE-2017-1000224 | 352 | | CSRF | 2017-11-16 | 2017-12-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | CSRF in the YouTube WordPress plugin could allow an unauthenticated attacker to change any setting within the plugin. |
| 17443 | CVE-2017-1000223 | 79 | | XSS | 2017-11-17 | 2017-12-01 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. |
| 17444 | CVE-2017-1000221 | 732 | | | 2017-11-17 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | Partial | None | None | In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players handles access control incorrectly, so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. |
| 17445 | CVE-2017-1000217 | 74 | | Exec Code | 2017-11-17 | 2019-04-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Opencast 2.3.2 and older versions are vulnerable to script injection through media and metadata in the player and media module, resulting in arbitrary code execution; fixed in 2.3.3 and 3.0. |
| 17446 | CVE-2017-1000213 | 79 | | XSS | 2017-11-16 | 2017-11-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search. |
| 17447 | CVE-2017-1000211 | 416 | | | 2017-11-17 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lynx before 2.8.9dev.16 is vulnerable to a use-after-free in the HTML parser, resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. |
| 17448 | CVE-2017-1000209 | 295 | | | 2017-11-16 | 2017-12-05 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. |
| 17449 | CVE-2017-1000208 | 502 | | Exec Code | 2017-11-16 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A vulnerability in Swagger-Parser's (version <= 1.0.30) YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML OpenAPI specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted YAML specification. |
| 17450 | CVE-2017-1000207 | 502 | | Exec Code | 2017-11-27 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A vulnerability in the YAML parsing functionality of Swagger-Parser version <= 1.0.30 and Swagger Codegen version <= 2.2.2 results in arbitrary code being executed when a maliciously crafted YAML OpenAPI specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted YAML specification. |
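The CVE-2017-1000257 entry above describes a "zero means call strlen()" confusion in libcurl's IMAP deliver-data path. The following is an added example, not code from the curl project: it parses the literal size out of a FETCH response line, then shows the vulnerable delivery rule next to the obvious fix. All function names are made up, and the sample buffer is constructed (and NUL-terminated, so the demonstration itself stays in bounds; a real heap buffer need not contain any NUL at all, which is what lets strlen() run off the allocation).

```c
/* Added example, not libcurl code: models the CVE-2017-1000257 magic-number
 * confusion (length 0 taken to mean "measure with strlen()") next to the fix.
 * Names and sample data are made up for the demonstration. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Parse the literal size at the end of an IMAP FETCH response line such as
 * "* 1 FETCH (BODY[] {0})". Returns 1 and stores the size on success, 0 if
 * the line carries no well-formed {N} literal. */
int parse_fetch_literal_size(const char *line, size_t *size) {
    const char *open = strrchr(line, '{');
    char *end;
    unsigned long v;
    if (!open) return 0;
    v = strtoul(open + 1, &end, 10);
    if (end == open + 1 || *end != '}') return 0;   /* "{}" or "{x}" */
    *size = (size_t)v;
    return 1;
}

/* Vulnerable pattern: a length of 0 is reinterpreted as "unknown, measure
 * it", so strlen() walks the buffer until it happens to find a NUL byte,
 * possibly past the end of the allocation. Returns the byte count that
 * would be handed to the application. */
size_t deliver_vulnerable(const char *data, size_t len) {
    if (len == 0)
        len = strlen(data);
    return len;
}

/* Fixed: the length taken from the response is authoritative; zero is zero. */
size_t deliver_fixed(const char *data, size_t len) {
    (void)data;
    return len;
}

/* Constructed stand-in for a heap buffer still holding bytes from an earlier
 * response: the literal it is now used for is empty, but the memory is not. */
const char *stale_heap_buffer(void) {
    return "stale bytes left over from a previous FETCH";
}

int main(void) {
    size_t n = 0;
    const char *buf = stale_heap_buffer();
    if (!parse_fetch_literal_size("* 1 FETCH (BODY[] {0})", &n))
        return 1;
    printf("literal size %zu: vulnerable path delivers %zu bytes, fixed path delivers %zu\n",
           n, deliver_vulnerable(buf, n), deliver_fixed(buf, n));
    return 0;
}
```

The point of the two delivery functions is that the size reported by the server must be the only source of truth; the moment a sentinel value is overloaded to mean "figure it out yourself", a NUL-free heap buffer turns a zero-byte body into an over-read.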
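The CVE-2017-1000254 entry above explains the FTP PWD parsing mistake (no trailing NUL when the 257 reply lacks its closing double quote) and the 7.56.0 behaviour that replaced it. Below is an added example written to that description, not libcurl's own parser: a legacy variant that reproduces the missing terminator in a way that can be observed safely, and a fixed parser that always NUL-terminates and rejects an unterminated reply. Function names and the sample replies are made up; the handling of a doubled quote inside the path follows RFC 959's quoting rule and is an addition beyond what the entry states.

```c
/* Added example, not libcurl code: FTP "257" PWD reply parsing as described
 * for CVE-2017-1000254, legacy (unterminated on error) next to fixed. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Pre-fix behaviour: copy bytes after the opening quote up to the closing
 * quote, writing a NUL only when the closing quote is found. Returns the
 * number of bytes copied. With no closing quote the buffer stays
 * unterminated, which is the bug the entry describes. */
size_t parse_pwd_reply_legacy(const char *reply, char *out, size_t outlen) {
    const char *p = strchr(reply, '"');
    size_t n = 0;
    if (!p) return 0;
    for (p++; *p != '\0' && n + 1 < outlen; p++) {
        if (*p == '"') {
            out[n] = '\0';          /* terminator only on this path */
            return n;
        }
        out[n++] = *p;
    }
    return n;                       /* ran off the end: no terminator written */
}

/* Fixed behaviour: out is always NUL-terminated. Returns 1 on success, 0 if
 * the reply is not a 257, has no quoted path, has no closing quote, or does
 * not fit. A quote inside the path is sent as "" (RFC 959) and unescaped. */
int parse_pwd_reply(const char *reply, char *out, size_t outlen) {
    const char *p;
    size_t n = 0;
    if (outlen == 0) return 0;
    out[0] = '\0';
    if (strncmp(reply, "257", 3) != 0) return 0;
    p = strchr(reply, '"');
    if (!p) return 0;
    for (p++; ; p++) {
        if (*p == '\0') { out[0] = '\0'; return 0; }   /* unterminated: reject */
        if (*p == '"') {
            if (p[1] != '"') break;                    /* closing quote */
            p++;                                       /* "" -> " */
        }
        if (n + 1 >= outlen) { out[0] = '\0'; return 0; }
        out[n++] = *p;
    }
    out[n] = '\0';
    return 1;
}

int main(void) {
    /* Constructed replies: one well-formed, one missing its closing quote. */
    const char *good = "257 \"/home/user\" is current directory.";
    const char *bad  = "257 \"/home/user";
    char buf[64];
    size_t copied;
    int ok;

    memset(buf, 'X', sizeof buf);
    copied = parse_pwd_reply_legacy(bad, buf, sizeof buf);
    printf("legacy: copied %zu bytes, byte after them is '%c' (no NUL)\n", copied, buf[copied]);

    ok = parse_pwd_reply(good, buf, sizeof buf);
    printf("fixed: good reply accepted=%d path=\"%s\"\n", ok, buf);
    ok = parse_pwd_reply(bad, buf, sizeof buf);
    printf("fixed: unterminated reply accepted=%d\n", ok);
    return 0;
}
```

The observable difference is the byte at `out[copied]`: the legacy parser leaves whatever was there (here the 'X' fill), so any later string operation on the buffer walks past it, while the fixed parser either produces a terminated string or refuses the reply outright.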
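The CVE-2017-1000362 entry above asks administrators to look for a leftover `$JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups` directory and delete it. The following is an added example, not Jenkins code: a POSIX check that reports whether that directory exists and whether it is readable by "other", plus a removal helper. The `make_demo_jenkins_home()` builder and its dummy secret file exist only so the check can be exercised offline against a constructed tree; the directory name itself is the one given in the entry.

```c
/* Added example, not Jenkins code: detect and remove the world-readable
 * re-key backup directory named in the CVE-2017-1000362 entry. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <ftw.h>

#define REKEY_BACKUP_SUBDIR "jenkins.security.RekeySecretAdminMonitor/backups"

/* -1: directory absent; 1: present and readable by "other"; 0: present but
 * not world-readable. The full path is written to path for reporting. */
int rekey_backup_status(const char *jenkins_home, char *path, size_t pathlen) {
    struct stat st;
    int w = snprintf(path, pathlen, "%s/%s", jenkins_home, REKEY_BACKUP_SUBDIR);
    if (w < 0 || (size_t)w >= pathlen)
        return -1;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

static int rm_entry(const char *p, const struct stat *sb, int type, struct FTW *ftwb) {
    (void)sb; (void)type; (void)ftwb;
    return remove(p);                /* post-order walk: files before their directory */
}

/* Delete the backup directory tree if present. Returns 0 on success. */
int remove_rekey_backup(const char *jenkins_home) {
    char path[4096];
    if (rekey_backup_status(jenkins_home, path, sizeof path) < 0)
        return 0;                    /* nothing to do */
    return nftw(path, rm_entry, 16, FTW_DEPTH | FTW_PHYS);
}

/* Constructed JENKINS_HOME in a fresh temp directory containing the backup
 * directory with the given mode and one dummy secret file. Returns the
 * JENKINS_HOME path (static storage, overwritten on the next call) or NULL. */
const char *make_demo_jenkins_home(mode_t backups_mode) {
    static const char *templates[] = { "/tmp/jenkins_home_XXXXXX", "./jenkins_home_XXXXXX" };
    static char home[64];
    char path[4096];
    FILE *f;
    size_t i;
    for (i = 0; i < 2; i++) {
        strcpy(home, templates[i]);
        if (mkdtemp(home)) break;
    }
    if (i == 2) return NULL;
    snprintf(path, sizeof path, "%s/jenkins.security.RekeySecretAdminMonitor", home);
    if (mkdir(path, 0700) != 0) return NULL;
    snprintf(path, sizeof path, "%s/%s", home, REKEY_BACKUP_SUBDIR);
    if (mkdir(path, backups_mode) != 0 || chmod(path, backups_mode) != 0) return NULL;
    snprintf(path, sizeof path, "%s/%s/dummy-secret", home, REKEY_BACKUP_SUBDIR);
    f = fopen(path, "w");
    if (!f) return NULL;
    fputs("constructed dummy key material\n", f);   /* not real secret data */
    fclose(f);
    return home;
}

int main(void) {
    char path[4096];
    const char *home = make_demo_jenkins_home(0755);   /* world-readable, as the entry describes */
    int s;
    if (!home) return 1;
    s = rekey_backup_status(home, path, sizeof path);
    printf("%s: %s\n", path,
           s == 1 ? "present and world-readable, delete it" :
           s == 0 ? "present, not world-readable" : "absent");
    if (s >= 0 && remove_rekey_backup(home) == 0)
        printf("removed; status now %d\n", rekey_backup_status(home, path, sizeof path));
    return 0;
}
```

Run the check with the real `$JENKINS_HOME` in place of the demo tree; the status function only stats the path, so it is safe to run on a live controller, and the removal only touches the directory named in the entry.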