| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2651 | CVE-2017-1000412 | 200 | | +Info | 2018-01-02 | 2018-01-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to the Bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key. |
| 2652 | CVE-2017-1000411 | 399 | | Overflow | 2018-01-31 | 2018-02-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE, which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once the resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from the network (and thus also from the controller's operational DS), the expired entries are still present in CONFIG DS. The attack can originate from either NORTH or SOUTH. The above description is for a north-bound attack. A south-bound attack can originate when an attacker attempts a flow flooding attack; since flows come with timeouts, that attack is not successful. However, the attacker will now be successful in a CONTROLLER overflow attack (resource consumption). Although the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests more resources. This happens because the installed flows get removed from the network upon timeout. |
| 2653 | CVE-2017-1000410 | 200 | | Bypass +Info | 2017-12-07 | 2018-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands: ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow the attacker to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: in the function `l2cap_parse_conf_rsp` and in the function `l2cap_parse_conf_req` the following variable is declared without initialization: `struct l2cap_conf_efs efs;`. In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that would write to the efs variable: `... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ...`. The olen in the above `if` is attacker controlled, and regardless of that `if`, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: `l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs);`. So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element but with an element length that is not sizeof(efs), the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
| 2654 | CVE-2017-1000406 | 254 | | | 2017-11-30 | 2017-12-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None | OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). |
| 2655 | CVE-2017-1000394 | 20 | | | 2018-01-25 | 2018-02-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. |
| 2656 | CVE-2017-1000381 | 200 | | +Info | 2017-07-07 | 2017-07-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed-in DNS response packet was crafted in a particular way. |
| 2657 | CVE-2017-1000362 | 200 | | +Info | 2017-07-17 | 2017-07-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory `$JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups` and delete it if present. |
| 2658 | CVE-2017-1000361 | 399 | | | 2017-04-24 | 2017-04-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. The controller throws exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: the tested versions are OpenDaylight 3.3 and 4.0. |
| 2659 | CVE-2017-1000360 | 399 | | | 2017-04-24 | 2017-04-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. The controller throws exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: the tested versions are OpenDaylight 3.3 and 4.0. |
| 2660 | CVE-2017-1000359 | 399 | | | 2017-04-24 | 2017-04-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Java out-of-memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: the tested versions are OpenDaylight 3.3 and 4.0. |
| 2661 | CVE-2017-1000357 | 399 | | DoS | 2017-04-24 | 2017-06-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Denial of Service attack when the switch refuses to receive packets from the controller. Component: this vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91. |
| 2662 | CVE-2017-1000254 | 119 | | Overflow | 2017-10-06 | 2018-11-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libcurl may read outside of a heap-allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it; the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero-terminates the string but also rejects it if not terminated properly with a final double quote. |
| 2663 | CVE-2017-1000247 | 20 | | | 2017-11-16 | 2017-12-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache, resulting in HTTP Header Injection flaws. |
| 2664 | CVE-2017-1000246 | 310 | | | 2017-11-16 | 2019-01-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
| 2665 | CVE-2017-1000245 | 255 | | | 2017-11-01 | 2017-11-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. |
| 2666 | CVE-2017-1000234 | 200 | | +Info | 2017-11-16 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in jqueryFileTree.php, resulting in an attacker enumerating directories simply by navigating through the "dir" parameter. |
| 2667 | CVE-2017-1000230 | 20 | | DoS | 2017-11-17 | 2017-12-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, thus resulting in a denial of service attack. |
| 2668 | CVE-2017-1000226 | 200 | | +Info | 2017-11-17 | 2017-12-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Stop User Enumeration 1.3.8 allows user enumeration via the REST API. |
| 2669 | CVE-2017-1000211 | 416 | | | 2017-11-17 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. |
| 2670 | CVE-2017-1000200 | 476 | | DoS | 2017-11-16 | 2017-12-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service. |
| 2671 | CVE-2017-1000199 | 200 | | +Info | 2017-11-16 | 2017-12-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so, resulting in non-privileged users being able to check for the existence of any file with root privileges. |
| 2672 | CVE-2017-1000198 | 119 | | DoS Overflow | 2017-11-16 | 2017-12-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service. |
| 2673 | CVE-2017-1000192 | 200 | | +Info File Inclusion | 2017-11-17 | 2017-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the database login and password, the private encryption key, as well as other sensitive information. |
| 2674 | CVE-2017-1000189 | 20 | | | 2017-11-16 | 2017-11-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | nodejs ejs versions older than 2.5.5 are vulnerable to a denial-of-service due to weak input validation in ejs.renderFile(). |
| 2675 | CVE-2017-1000171 | 532 | | | 2017-11-03 | 2017-11-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. |
| 2676 | CVE-2017-1000170 | 22 | | Dir. Trav. | 2017-11-17 | 2017-12-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | jqueryFileTree 2.1.5 and older is vulnerable to directory traversal. |
| 2677 | CVE-2017-1000163 | 601 | | | 2017-11-17 | 2017-12-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. |
| 2678 | CVE-2017-1000156 | 264 | | | 2017-11-03 | 2017-11-13 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they do not have the admin role. |
| 2679 | CVE-2017-1000151 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters and ending up in an error log. |
| 2680 | CVE-2017-1000142 | 284 | | | 2017-11-03 | 2017-11-15 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. |
| 2681 | CVE-2017-1000133 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages. |
| 2682 | CVE-2017-1000129 | 89 | | Sql | 2017-11-17 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure. |
| 2683 | CVE-2017-1000125 | 264 | | | 2017-11-17 | 2017-12-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Codiad (full version) is vulnerable to arbitrary writes to the configuration file in the installation, resulting in the upload of a webshell. |
| 2684 | CVE-2017-1000122 | 20 | | DoS | 2017-11-01 | 2017-11-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. |
| 2685 | CVE-2017-1000118 | 119 | | DoS Overflow | 2017-10-04 | 2017-10-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Akka HTTP versions <= 10.0.5: an illegal media range in the Accept header causes a StackOverflowError, leading to denial of service. |
| 2686 | CVE-2017-1000115 | 59 | | | 2017-10-04 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository. |
| 2687 | CVE-2017-1000108 | 200 | | +Info | 2017-10-04 | 2017-11-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. |
| 2688 | CVE-2017-1000106 | 264 | | | 2017-10-04 | 2017-11-01 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder, using the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability) and they could provide the organization folder name, repository name, branch name, and file name. |
| 2689 | CVE-2017-1000105 | 275 | | | 2017-10-04 | 2017-10-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts; Item/Read permission was sufficient. |
| 2690 | CVE-2017-1000098 | 769 | | | 2017-10-04 | 2018-08-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. |
| 2691 | CVE-2017-1000097 | 295 | | | 2017-10-04 | 2018-08-13 | 5.0 | None | Remote | Low | Not required | None | Partial | None | On Darwin, the user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. |
| 2692 | CVE-2017-1000089 | 264 | | | 2017-10-04 | 2017-10-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. |
| 2693 | CVE-2017-1000070 | 601 | | | 2017-07-17 | 2017-07-20 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819. |
| 2694 | CVE-2017-1000068 | 287 | | DoS | 2017-07-17 | 2017-08-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature, resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. |
| 2695 | CVE-2017-1000066 | 200 | | +Info | 2017-07-17 | 2017-07-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. |
| 2696 | CVE-2017-1000064 | 400 | | | 2017-07-17 | 2017-07-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router, resulting in DoS. |
| 2697 | CVE-2017-1000062 | 22 | | Exec Code Dir. Trav. | 2017-07-17 | 2017-07-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router, resulting in remote code execution. |
| 2698 | CVE-2017-1000061 | 611 | | DoS | 2017-07-17 | 2018-01-04 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. |
| 2699 | CVE-2017-1000050 | 476 | | | 2017-07-17 | 2018-11-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode, which failed to check whether the image contained at least one component, resulting in a denial-of-service. |
| 2700 | CVE-2017-1000048 | 20 | | | 2017-07-17 | 2017-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash. |