| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 2451 | CVE-2017-15963 | 89 | | Sql | 2017-10-29 | 2017-11-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. |
| 2452 | CVE-2017-15962 | 434 | | | 2017-10-29 | 2017-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
iStock Management System 1.0 allows Arbitrary File Upload via user/profile. |
| 2453 | CVE-2017-15961 | 89 | | Sql | 2017-10-29 | 2017-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. |
| 2454 | CVE-2017-15960 | 89 | | Sql | 2017-10-29 | 2017-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. |
| 2455 | CVE-2017-15959 | 89 | | Sql | 2017-10-29 | 2017-11-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. |
| 2456 | CVE-2017-15958 | 89 | | Sql | 2017-10-29 | 2017-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. |
| 2457 | CVE-2017-15951 | 20 | | DoS | 2017-10-27 | 2017-11-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. |
| 2458 | CVE-2017-15946 | 89 | | Sql | 2017-10-27 | 2017-11-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. |
| 2459 | CVE-2017-15945 | 264 | | +Priv | 2017-10-27 | 2017-11-14 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. |
| 2460 | CVE-2017-15944 | 264 | | Exec Code | 2017-12-11 | 2018-05-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. |
| 2461 | CVE-2017-15924 | 77 | | | 2017-10-27 | 2017-11-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. |
| 2462 | CVE-2017-15919 | 89 | | Sql | 2017-10-26 | 2017-11-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. |
| 2463 | CVE-2017-15909 | 798 | | | 2017-10-25 | 2017-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. |
| 2464 | CVE-2017-15907 | 89 | | Exec Code Sql | 2017-10-26 | 2017-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. |
| 2465 | CVE-2017-15883 | 287 | | DoS +Priv Bypass | 2018-01-08 | 2018-02-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. |
| 2466 | CVE-2017-15875 | 89 | | Exec Code Sql | 2017-12-18 | 2018-01-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. |
| 2467 | CVE-2017-15870 | 284 | | +Priv | 2017-12-11 | 2017-12-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." |
| 2468 | CVE-2017-15868 | 264 | | +Priv | 2017-12-05 | 2018-03-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. |
| 2469 | CVE-2017-15862 | 190 | | Overflow | 2018-02-23 | 2018-03-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow. |
| 2470 | CVE-2017-15861 | 129 | | | 2018-02-23 | 2018-03-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation. |
| 2471 | CVE-2017-15836 | 190 | | Overflow | 2018-04-03 | 2018-05-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow. |
| 2472 | CVE-2017-15821 | 119 | | Overflow | 2018-03-15 | 2018-04-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite. |
| 2473 | CVE-2017-15820 | 416 | | | 2018-02-23 | 2018-03-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur. |
| 2474 | CVE-2017-15818 | 190 | | Overflow | 2018-09-18 | 2018-11-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size. |
| 2475 | CVE-2017-15813 | 119 | | Overflow | 2017-12-05 | 2017-12-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. |
| 2476 | CVE-2017-15804 | 119 | | Overflow | 2017-10-22 | 2018-06-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. |
| 2477 | CVE-2017-15714 | 74 | | Exec Code XSS Bypass | 2018-01-04 | 2018-01-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute. |
| 2478 | CVE-2017-15708 | 74 | | Exec Code | 2017-12-11 | 2018-01-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. |
| 2479 | CVE-2017-15702 | 264 | | | 2017-12-01 | 2017-12-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected. |
| 2480 | CVE-2017-15697 | 20 | | Exec Code | 2018-01-23 | 2018-02-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
| 2481 | CVE-2017-15692 | 502 | | Exec Code +Priv | 2018-02-27 | 2018-03-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath. |
| 2482 | CVE-2017-15670 | 119 | | Overflow | 2017-10-20 | 2018-06-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. |
| 2483 | CVE-2017-15654 | 284 | | | 2018-01-31 | 2018-02-21 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete |
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. |
| 2484 | CVE-2017-15643 | 444 | | Exec Code | 2017-10-19 | 2017-11-14 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete |
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file. |
| 2485 | CVE-2017-15607 | 22 | | Dir. Trav. | 2017-12-01 | 2017-12-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. |
| 2486 | CVE-2017-15595 | 400 | | DoS +Priv | 2017-10-18 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking. |
| 2487 | CVE-2017-15592 | 264 | | DoS +Priv | 2017-10-18 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. |
| 2488 | CVE-2017-15580 | 434 | | | 2017-10-23 | 2018-08-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. |
| 2489 | CVE-2017-15579 | 89 | | Sql | 2017-10-17 | 2017-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. |
| 2490 | CVE-2017-15575 | 254 | | +Info | 2017-10-17 | 2018-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. |
| 2491 | CVE-2017-15567 | 284 | | +Priv | 2017-10-23 | 2018-10-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK. |
| 2492 | CVE-2017-15566 | 264 | | | 2017-11-01 | 2017-11-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. |
| 2493 | CVE-2017-15539 | 89 | | Sql | 2017-10-17 | 2017-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. |
| 2494 | CVE-2017-15534 | 264 | | Bypass | 2018-03-26 | 2018-04-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. |
| 2495 | CVE-2017-15398 | 119 | | Exec Code Overflow | 2018-08-28 | 2018-11-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. |
| 2496 | CVE-2017-15383 | 428 | | | 2017-10-16 | 2017-11-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. |
| 2497 | CVE-2017-15381 | 89 | | Sql | 2017-10-23 | 2017-10-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). |
| 2498 | CVE-2017-15379 | 264 | | Bypass | 2017-10-23 | 2017-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. |
| 2499 | CVE-2017-15373 | 89 | | Sql | 2017-10-16 | 2017-10-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). |
| 2500 | CVE-2017-15367 | 89 | | Sql | 2018-03-07 | 2018-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. |