# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
3101 | CVE-2017-15887 | 255 | | | 2017-11-07 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. |
3102 | CVE-2017-15882 | 400 | | DoS | 2017-10-26 | 2017-11-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. |
3103 | CVE-2017-15877 | 200 | | +Info | 2017-12-18 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. |
3104 | CVE-2017-15871 | 400 | | DoS | 2017-10-24 | 2017-11-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file. |
3105 | CVE-2017-15865 | 200 | | +Info | 2017-11-08 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). |
3106 | CVE-2017-15859 | 200 | | +Info | 2018-03-30 | 2018-04-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs. |
3107 | CVE-2017-15853 | 119 | | Overflow | 2018-04-03 | 2018-05-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur. |
3108 | CVE-2017-15850 | 200 | | +Info | 2018-01-10 | 2018-01-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. |
3109 | CVE-2017-15837 | 119 | | Overflow | 2018-04-03 | 2018-05-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32(). |
3110 | CVE-2017-15805 | 22 | | Dir. Trav. | 2017-10-23 | 2017-11-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. |
3111 | CVE-2017-15723 | 476 | | | 2017-10-22 | 2017-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. |
3112 | CVE-2017-15722 | 125 | | | 2017-10-22 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. |
3113 | CVE-2017-15721 | 476 | | | 2017-10-22 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. |
3114 | CVE-2017-15718 | 255 | | | 2018-01-24 | 2018-02-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications. |
3115 | CVE-2017-15710 | 787 | | DoS | 2018-03-26 | 2018-11-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two-character value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out-of-bounds write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash, which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. |
3116 | CVE-2017-15707 | 20 | | | 2017-12-01 | 2018-07-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload. |
3117 | CVE-2017-15706 | 358 | | | 2018-01-31 | 2018-05-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. |
3118 | CVE-2017-15705 | 20 | | DoS | 2018-09-17 | 2018-12-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected, leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed HTML. The exploit has been seen in the wild but is not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future. |
3119 | CVE-2017-15701 | 400 | | | 2017-12-01 | 2017-12-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected. |
3120 | CVE-2017-15696 | 200 | | +Priv +Info | 2018-02-25 | 2018-03-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code. |
3121 | CVE-2017-15667 | 20 | | DoS | 2017-12-28 | 2018-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. |
3122 | CVE-2017-15665 | 358 | | DoS | 2018-01-10 | 2018-02-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. |
3123 | CVE-2017-15664 | 358 | | DoS | 2018-01-10 | 2018-02-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. |
3124 | CVE-2017-15663 | 358 | | DoS | 2018-01-10 | 2018-02-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. |
3125 | CVE-2017-15662 | 358 | | DoS | 2018-01-10 | 2018-02-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. |
3126 | CVE-2017-15650 | 119 | | Overflow | 2017-10-19 | 2017-11-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. |
3127 | CVE-2017-15647 | 22 | | Dir. Trav. | 2017-10-19 | 2017-11-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. |
3128 | CVE-2017-15644 | 918 | | | 2017-10-19 | 2017-11-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. |
3129 | CVE-2017-15609 | 200 | | +Info | 2017-10-19 | 2017-10-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. |
3130 | CVE-2017-15602 | 119 | | Overflow | 2017-10-18 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. |
3131 | CVE-2017-15601 | 119 | | Overflow | 2017-10-18 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. |
3132 | CVE-2017-15600 | 476 | | | 2017-10-18 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. |
3133 | CVE-2017-15583 | 200 | | +Info File Inclusion | 2017-10-18 | 2017-11-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. |
3134 | CVE-2017-15582 | 200 | | +Info | 2017-10-27 | 2017-11-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. |
3135 | CVE-2017-15581 | 310 | | +Info | 2017-10-27 | 2017-11-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution. |
3136 | CVE-2017-15577 | 200 | | +Info | 2017-10-17 | 2018-05-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. |
3137 | CVE-2017-15576 | 200 | | +Info | 2017-10-17 | 2018-05-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. |
3138 | CVE-2017-15572 | 532 | | +Info | 2017-10-17 | 2018-05-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. |
3139 | CVE-2017-15532 | 22 | | Dir. Trav. | 2017-12-20 | 2018-01-05 | 5.5 | None | Local Network | Low | Single system | Complete | None | None |
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. |
3140 | CVE-2017-15531 | 287 | | | 2018-01-23 | 2018-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. |
3141 | CVE-2017-15527 | 22 | | Dir. Trav. | 2017-11-20 | 2017-12-12 | 5.2 | None | Local Network | Low | Single system | Partial | Partial | Partial |
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. |
3142 | CVE-2017-15526 | 476 | | | 2017-11-13 | 2017-11-29 | 5.2 | None | Local Network | Low | Single system | Partial | Partial | Partial |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. |
3143 | CVE-2017-15525 | 399 | | DoS | 2017-11-13 | 2017-11-29 | 5.5 | None | Local Network | Low | Single system | None | None | Complete |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. |
3144 | CVE-2017-15423 | 310 | | | 2018-08-28 | 2018-11-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. |
3145 | CVE-2017-15397 | 310 | | | 2018-02-07 | 2018-03-13 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position. |
3146 | CVE-2017-15377 | 254 | | | 2017-10-23 | 2018-12-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default). |
3147 | CVE-2017-15363 | 22 | | Dir. Trav. | 2017-10-15 | 2017-11-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter. |
3148 | CVE-2017-15356 | 119 | | Overflow | 2018-02-15 | 2018-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due to insufficient input validation of three different parameters in the messages, a successful exploit may cause some services to become abnormal. |
3149 | CVE-2017-15355 | 119 | | Overflow | 2018-02-15 | 2018-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due to insufficient input validation of three different parameters in the messages, a successful exploit may cause some services to become abnormal. |
3150 | CVE-2017-15354 | 119 | | Overflow | 2018-02-15 | 2018-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due to insufficient input validation of three different parameters in the messages, a successful exploit may cause some services to become abnormal. |