| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
2651 |
CVE-2017-16013 |
20 |
|
|
2018-06-04 |
2018-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached. |
|
2652 |
CVE-2017-16005 |
347 |
|
|
2018-06-04 |
2018-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. |
|
2653 |
CVE-2017-15999 |
200 |
|
+Info |
2017-10-29 |
2017-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. |
|
2654 |
CVE-2017-15998 |
320 |
|
+Info |
2017-10-29 |
2017-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. |
|
2655 |
CVE-2017-15956 |
20 |
|
|
2017-10-29 |
2017-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. |
|
2656 |
CVE-2017-15943 |
918 |
|
+Info |
2017-12-11 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. |
|
2657 |
CVE-2017-15942 |
399 |
|
DoS |
2017-12-11 |
2017-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. |
|
2658 |
CVE-2017-15938 |
119 |
|
DoS Overflow |
2017-10-27 |
2018-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). |
|
2659 |
CVE-2017-15928 |
20 |
|
|
2017-10-27 |
2017-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication. |
|
2660 |
CVE-2017-15923 |
19 |
|
DoS |
2017-11-15 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. |
|
2661 |
CVE-2017-15921 |
476 |
|
|
2017-10-30 |
2017-11-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated. |
|
2662 |
CVE-2017-15920 |
476 |
|
|
2017-10-30 |
2017-11-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated. |
|
2663 |
CVE-2017-15908 |
20 |
|
|
2017-10-26 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. |
|
2664 |
CVE-2017-15906 |
275 |
|
|
2017-10-25 |
2018-09-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. |
|
2665 |
CVE-2017-15887 |
255 |
|
|
2017-11-07 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. |
|
2666 |
CVE-2017-15882 |
400 |
|
DoS |
2017-10-26 |
2017-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. |
|
2667 |
CVE-2017-15877 |
200 |
|
+Info |
2017-12-18 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. |
|
2668 |
CVE-2017-15871 |
400 |
|
DoS |
2017-10-24 |
2017-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file. |
|
2669 |
CVE-2017-15865 |
200 |
|
+Info |
2017-11-08 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). |
|
2670 |
CVE-2017-15859 |
200 |
|
+Info |
2018-03-30 |
2018-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs. |
|
2671 |
CVE-2017-15853 |
119 |
|
Overflow |
2018-04-03 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur. |
|
2672 |
CVE-2017-15850 |
200 |
|
+Info |
2018-01-10 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. |
|
2673 |
CVE-2017-15837 |
119 |
|
Overflow |
2018-04-03 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32(). |
|
2674 |
CVE-2017-15805 |
22 |
|
Dir. Trav. |
2017-10-23 |
2017-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. |
|
2675 |
CVE-2017-15723 |
476 |
|
|
2017-10-22 |
2017-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. |
|
2676 |
CVE-2017-15722 |
125 |
|
|
2017-10-22 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. |
|
2677 |
CVE-2017-15721 |
476 |
|
|
2017-10-22 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. |
|
2678 |
CVE-2017-15718 |
255 |
|
|
2018-01-24 |
2018-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. |
|
2679 |
CVE-2017-15710 |
787 |
|
DoS |
2018-03-26 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. |
|
2680 |
CVE-2017-15707 |
20 |
|
|
2017-12-01 |
2018-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. |
|
2681 |
CVE-2017-15706 |
358 |
|
|
2018-01-31 |
2018-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. |
|
2682 |
CVE-2017-15705 |
20 |
|
DoS |
2018-09-17 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future. |
|
2683 |
CVE-2017-15701 |
400 |
|
|
2017-12-01 |
2017-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected. |
|
2684 |
CVE-2017-15696 |
200 |
|
+Priv +Info |
2018-02-25 |
2018-03-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code. |
|
2685 |
CVE-2017-15667 |
20 |
|
DoS |
2017-12-28 |
2018-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. |
|
2686 |
CVE-2017-15665 |
358 |
|
DoS |
2018-01-10 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. |
|
2687 |
CVE-2017-15664 |
358 |
|
DoS |
2018-01-10 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. |
|
2688 |
CVE-2017-15663 |
358 |
|
DoS |
2018-01-10 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. |
|
2689 |
CVE-2017-15662 |
358 |
|
DoS |
2018-01-10 |
2018-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. |
|
2690 |
CVE-2017-15650 |
119 |
|
Overflow |
2017-10-19 |
2017-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. |
|
2691 |
CVE-2017-15647 |
22 |
|
Dir. Trav. |
2017-10-19 |
2017-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. |
|
2692 |
CVE-2017-15644 |
918 |
|
|
2017-10-19 |
2017-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. |
|
2693 |
CVE-2017-15609 |
200 |
|
+Info |
2017-10-19 |
2017-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. |
|
2694 |
CVE-2017-15602 |
119 |
|
Overflow |
2017-10-18 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. |
|
2695 |
CVE-2017-15601 |
119 |
|
Overflow |
2017-10-18 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. |
|
2696 |
CVE-2017-15600 |
476 |
|
|
2017-10-18 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. |
|
2697 |
CVE-2017-15583 |
200 |
|
+Info File Inclusion |
2017-10-18 |
2017-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. |
|
2698 |
CVE-2017-15582 |
200 |
|
+Info |
2017-10-27 |
2017-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. |
|
2699 |
CVE-2017-15581 |
310 |
|
+Info |
2017-10-27 |
2017-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution. |
|
2700 |
CVE-2017-15577 |
200 |
|
+Info |
2017-10-17 |
2018-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. |
