| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
2201 |
CVE-2017-1002101 |
59 |
|
|
2018-03-13 |
2018-04-11 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. |
|
2202 |
CVE-2017-1002007 |
285 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. |
|
2203 |
CVE-2017-1002006 |
285 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. |
|
2204 |
CVE-2017-1002005 |
20 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. |
|
2205 |
CVE-2017-1002004 |
20 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. |
|
2206 |
CVE-2017-1001000 |
264 |
|
|
2017-04-02 |
2017-07-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI. |
|
2207 |
CVE-2017-1000500 |
74 |
|
|
2018-01-03 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Keycloak SSO versions prior to 2.x are vulnerable to Host Header Injection on the forgot password page causing the application to send a poisoned URL as the password reset link. |
|
2208 |
CVE-2017-1000484 |
601 |
|
|
2018-01-03 |
2018-01-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.) |
|
2209 |
CVE-2017-1000481 |
601 |
|
|
2018-01-03 |
2018-01-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix. |
|
2210 |
CVE-2017-1000477 |
611 |
|
DoS |
2018-01-03 |
2018-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. |
|
2211 |
CVE-2017-1000472 |
22 |
|
Dir. Trav. |
2018-01-03 |
2018-02-03 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". |
|
2212 |
CVE-2017-1000470 |
190 |
|
DoS Overflow |
2018-01-03 |
2018-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service. |
|
2213 |
CVE-2017-1000448 |
22 |
|
Dir. Trav. |
2018-01-02 |
2018-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. |
|
2214 |
CVE-2017-1000434 |
601 |
|
|
2018-01-02 |
2018-01-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect'])); |
|
2215 |
CVE-2017-1000419 |
918 |
|
|
2018-01-02 |
2018-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application. |
|
2216 |
CVE-2017-1000417 |
295 |
|
XSS |
2018-01-22 |
2018-02-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. |
|
2217 |
CVE-2017-1000416 |
17 |
|
|
2018-01-22 |
2018-02-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. |
|
2218 |
CVE-2017-1000414 |
369 |
|
DoS |
2018-01-25 |
2018-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service. |
|
2219 |
CVE-2017-1000412 |
200 |
|
+Info |
2018-01-02 |
2018-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key. |
|
2220 |
CVE-2017-1000411 |
399 |
|
Overflow |
2018-01-31 |
2018-02-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout. |
|
2221 |
CVE-2017-1000410 |
200 |
|
Bypass +Info |
2017-12-07 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
|
2222 |
CVE-2017-1000406 |
254 |
|
|
2017-11-30 |
2017-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). |
|
2223 |
CVE-2017-1000394 |
20 |
|
|
2018-01-25 |
2018-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. |
|
2224 |
CVE-2017-1000381 |
200 |
|
+Info |
2017-07-07 |
2017-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. |
|
2225 |
CVE-2017-1000362 |
200 |
|
+Info |
2017-07-17 |
2017-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. |
|
2226 |
CVE-2017-1000361 |
399 |
|
|
2017-04-24 |
2017-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. |
|
2227 |
CVE-2017-1000360 |
399 |
|
|
2017-04-24 |
2017-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. |
|
2228 |
CVE-2017-1000359 |
399 |
|
|
2017-04-24 |
2017-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. |
|
2229 |
CVE-2017-1000357 |
399 |
|
DoS |
2017-04-24 |
2017-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91. |
|
2230 |
CVE-2017-1000254 |
119 |
|
Overflow |
2017-10-06 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. |
|
2231 |
CVE-2017-1000247 |
20 |
|
|
2017-11-16 |
2017-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. |
|
2232 |
CVE-2017-1000246 |
310 |
|
|
2017-11-16 |
2017-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
|
2233 |
CVE-2017-1000245 |
255 |
|
|
2017-11-01 |
2017-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. |
|
2234 |
CVE-2017-1000234 |
200 |
|
+Info |
2017-11-16 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter |
|
2235 |
CVE-2017-1000230 |
20 |
|
DoS |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. |
|
2236 |
CVE-2017-1000226 |
200 |
|
+Info |
2017-11-17 |
2017-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Stop User Enumeration 1.3.8 allows user enumeration via the REST API |
|
2237 |
CVE-2017-1000211 |
416 |
|
|
2017-11-17 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. |
|
2238 |
CVE-2017-1000200 |
476 |
|
DoS |
2017-11-16 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service |
|
2239 |
CVE-2017-1000199 |
200 |
|
+Info |
2017-11-16 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. |
|
2240 |
CVE-2017-1000198 |
119 |
|
DoS Overflow |
2017-11-16 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service |
|
2241 |
CVE-2017-1000192 |
200 |
|
+Info File Inclusion |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information. |
|
2242 |
CVE-2017-1000189 |
20 |
|
|
2017-11-16 |
2017-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() |
|
2243 |
CVE-2017-1000171 |
532 |
|
|
2017-11-03 |
2017-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. |
|
2244 |
CVE-2017-1000170 |
22 |
|
Dir. Trav. |
2017-11-17 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
jqueryFileTree 2.1.5 and older Directory Traversal |
|
2245 |
CVE-2017-1000163 |
601 |
|
|
2017-11-17 |
2017-12-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. |
|
2246 |
CVE-2017-1000156 |
264 |
|
|
2017-11-03 |
2017-11-13 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. |
|
2247 |
CVE-2017-1000151 |
200 |
|
+Info |
2017-11-03 |
2017-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. |
|
2248 |
CVE-2017-1000142 |
284 |
|
|
2017-11-03 |
2017-11-15 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. |
|
2249 |
CVE-2017-1000133 |
200 |
|
+Info |
2017-11-03 |
2017-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. |
|
2250 |
CVE-2017-1000129 |
89 |
|
Sql |
2017-11-17 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure |
