| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
20251 |
CVE-2017-13713 |
78 |
|
Exec Code |
2017-09-07 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. |
|
20252 |
CVE-2017-13712 |
476 |
|
DoS |
2017-08-28 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. |
|
20253 |
CVE-2017-13711 |
416 |
|
DoS |
2017-09-01 |
2018-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. |
|
20254 |
CVE-2017-13710 |
476 |
|
DoS |
2017-08-27 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. |
|
20255 |
CVE-2017-13709 |
20 |
|
|
2017-08-27 |
2017-09-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. |
|
20256 |
CVE-2017-13706 |
611 |
|
DoS +Info |
2017-10-10 |
2017-11-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. |
|
20257 |
CVE-2017-13704 |
20 |
|
|
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. |
|
20258 |
CVE-2017-13702 |
200 |
|
+Info |
2017-11-17 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. |
|
20259 |
CVE-2017-13701 |
200 |
|
+Info |
2017-11-23 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. |
|
20260 |
CVE-2017-13700 |
79 |
|
XSS |
2017-11-17 |
2017-11-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. |
|
20261 |
CVE-2017-13699 |
326 |
|
|
2017-11-23 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. |
|
20262 |
CVE-2017-13698 |
|
|
|
2017-11-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. |
|
20263 |
CVE-2017-13697 |
79 |
|
XSS |
2017-08-25 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. |
|
20264 |
CVE-2017-13695 |
200 |
|
Bypass +Info |
2017-08-25 |
2018-09-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
20265 |
CVE-2017-13694 |
200 |
|
Bypass +Info |
2017-08-25 |
2017-09-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
20266 |
CVE-2017-13693 |
200 |
|
Bypass +Info |
2017-08-25 |
2017-09-20 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. |
|
20267 |
CVE-2017-13692 |
20 |
|
DoS |
2017-08-25 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. |
|
20268 |
CVE-2017-13685 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. |
|
20269 |
CVE-2017-13684 |
119 |
|
DoS Overflow |
2017-09-29 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. |
|
20270 |
CVE-2017-13683 |
772 |
|
|
2017-10-23 |
2019-10-02 |
2.3 |
None |
Local Network |
Medium |
Single system |
None |
None |
Partial |
|
In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. |
|
20271 |
CVE-2017-13682 |
772 |
|
|
2017-10-23 |
2019-10-02 |
2.3 |
None |
Local Network |
Medium |
Single system |
None |
None |
Partial |
|
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. |
|
20272 |
CVE-2017-13681 |
|
|
+Priv |
2017-11-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. |
|
20273 |
CVE-2017-13680 |
|
|
|
2017-11-06 |
2019-10-02 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. |
|
20274 |
CVE-2017-13679 |
|
|
DoS |
2017-10-10 |
2019-10-02 |
1.4 |
None |
Local Network |
High |
Single system |
None |
None |
Partial |
|
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. |
|
20275 |
CVE-2017-13678 |
79 |
|
XSS |
2018-04-11 |
2018-05-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. |
|
20276 |
CVE-2017-13677 |
|
|
|
2018-04-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. |
|
20277 |
CVE-2017-13676 |
94 |
|
|
2017-09-27 |
2017-10-06 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. |
|
20278 |
CVE-2017-13675 |
|
|
DoS |
2017-10-10 |
2019-10-02 |
2.3 |
None |
Local Network |
Medium |
Single system |
None |
None |
Partial |
|
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. |
|
20279 |
CVE-2017-13673 |
617 |
|
DoS |
2017-08-29 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. |
|
20280 |
CVE-2017-13672 |
125 |
|
DoS |
2017-09-01 |
2019-03-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. |
|
20281 |
CVE-2017-13671 |
79 |
|
XSS |
2017-08-24 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. |
|
20282 |
CVE-2017-13670 |
|
|
|
2017-08-31 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. |
|
20283 |
CVE-2017-13668 |
79 |
|
XSS |
2019-05-23 |
2019-05-23 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). |
|
20284 |
CVE-2017-13667 |
918 |
|
|
2019-05-23 |
2019-05-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. |
|
20285 |
CVE-2017-13666 |
191 |
|
|
2017-08-24 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. |
|
20286 |
CVE-2017-13664 |
200 |
|
Exec Code +Info |
2017-12-01 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. |
|
20287 |
CVE-2017-13663 |
312 |
|
|
2017-12-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. |
|
20288 |
CVE-2017-13658 |
617 |
|
DoS |
2017-08-24 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. |
|
20289 |
CVE-2017-13652 |
20 |
|
|
2018-07-31 |
2018-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface. |
|
20290 |
CVE-2017-13649 |
665 |
|
Exec Code |
2017-08-23 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. |
|
20291 |
CVE-2017-13648 |
772 |
|
|
2017-08-23 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. |
|
20292 |
CVE-2017-13305 |
125 |
|
|
2018-04-04 |
2019-10-02 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. |
|
20293 |
CVE-2017-13304 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999. |
|
20294 |
CVE-2017-13303 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501. |
|
20295 |
CVE-2017-13300 |
20 |
|
DoS |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394. |
|
20296 |
CVE-2017-13299 |
|
|
|
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. |
|
20297 |
CVE-2017-13298 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. |
|
20298 |
CVE-2017-13297 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721. |
|
20299 |
CVE-2017-13296 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454. |
|
20300 |
CVE-2017-13295 |
20 |
|
DoS |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081. |
