| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
3101 |
CVE-2017-11932 |
20 |
|
|
2017-12-12 |
2018-01-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". |
|
3102 |
CVE-2017-11883 |
19 |
|
DoS |
2017-11-14 |
2017-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". |
|
3103 |
CVE-2017-11788 |
19 |
|
DoS |
2017-11-14 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability". |
|
3104 |
CVE-2017-11776 |
200 |
|
+Info |
2017-10-13 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." |
|
3105 |
CVE-2017-11772 |
200 |
|
+Info |
2017-10-13 |
2017-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability". |
|
3106 |
CVE-2017-11770 |
295 |
|
DoS |
2017-11-14 |
2017-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". |
|
3107 |
CVE-2017-11761 |
200 |
|
+Info |
2017-09-12 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" |
|
3108 |
CVE-2017-11725 |
601 |
|
|
2017-07-29 |
2017-08-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. |
|
3109 |
CVE-2017-11723 |
22 |
|
Dir. Trav. |
2017-07-29 |
2017-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. |
|
3110 |
CVE-2017-11718 |
601 |
|
|
2017-07-28 |
2017-08-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. |
|
3111 |
CVE-2017-11717 |
284 |
|
Bypass |
2017-07-28 |
2017-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. |
|
3112 |
CVE-2017-11706 |
200 |
|
+Info |
2017-07-28 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only have https on the checkout part of the site." |
|
3113 |
CVE-2017-11692 |
20 |
|
DoS |
2017-07-30 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. |
|
3114 |
CVE-2017-11684 |
399 |
|
DoS |
2017-07-27 |
2017-08-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. |
|
3115 |
CVE-2017-11670 |
125 |
|
|
2017-07-31 |
2017-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic. |
|
3116 |
CVE-2017-11669 |
125 |
|
|
2017-07-31 |
2017-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic. |
|
3117 |
CVE-2017-11668 |
125 |
|
|
2017-07-31 |
2017-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic. |
|
3118 |
CVE-2017-11665 |
20 |
|
DoS |
2017-07-27 |
2018-06-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. |
|
3119 |
CVE-2017-11662 |
125 |
|
DoS |
2017-08-17 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. |
|
3120 |
CVE-2017-11661 |
125 |
|
DoS |
2017-08-17 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. |
|
3121 |
CVE-2017-11658 |
22 |
|
Dir. Trav. Bypass File Inclusion |
2017-07-26 |
2017-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. |
|
3122 |
CVE-2017-11655 |
119 |
|
Overflow |
2017-07-26 |
2017-08-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. |
|
3123 |
CVE-2017-11635 |
200 |
|
+Info |
2018-02-26 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card. |
|
3124 |
CVE-2017-11633 |
255 |
|
|
2018-02-26 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field. |
|
3125 |
CVE-2017-11630 |
22 |
|
Dir. Trav. |
2017-07-26 |
2017-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. |
|
3126 |
CVE-2017-11592 |
119 |
|
DoS Overflow Mem. Corr. |
2017-07-23 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. |
|
3127 |
CVE-2017-11591 |
399 |
|
DoS |
2017-07-23 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
|
3128 |
CVE-2017-11587 |
22 |
|
Dir. Trav. |
2017-07-23 |
2017-08-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI. |
|
3129 |
CVE-2017-11586 |
601 |
|
|
2017-07-23 |
2017-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. |
|
3130 |
CVE-2017-11565 |
284 |
|
Bypass |
2017-07-23 |
2017-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script). |
|
3131 |
CVE-2017-11556 |
399 |
|
DoS |
2017-07-22 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. |
|
3132 |
CVE-2017-11555 |
20 |
|
DoS |
2017-07-22 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. |
|
3133 |
CVE-2017-11554 |
399 |
|
DoS |
2017-07-22 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. |
|
3134 |
CVE-2017-11553 |
20 |
|
DoS |
2017-07-22 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. |
|
3135 |
CVE-2017-11545 |
20 |
|
|
2017-07-22 |
2017-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. |
|
3136 |
CVE-2017-11544 |
20 |
|
|
2017-07-22 |
2017-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. |
|
3137 |
CVE-2017-11521 |
400 |
|
DoS |
2017-07-22 |
2018-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. |
|
3138 |
CVE-2017-11519 |
255 |
|
|
2017-07-21 |
2017-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. |
|
3139 |
CVE-2017-11512 |
22 |
|
Dir. Trav. |
2017-11-08 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. |
|
3140 |
CVE-2017-11511 |
200 |
|
+Info |
2017-11-08 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. |
|
3141 |
CVE-2017-11510 |
255 |
|
+Info |
2018-03-28 |
2018-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request. |
|
3142 |
CVE-2017-11506 |
295 |
|
|
2017-08-09 |
2017-08-24 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. |
|
3143 |
CVE-2017-11502 |
200 |
|
+Info |
2017-07-20 |
2017-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. |
|
3144 |
CVE-2017-11500 |
22 |
|
Dir. Trav. |
2017-07-20 |
2017-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. |
|
3145 |
CVE-2017-11499 |
20 |
|
|
2017-07-25 |
2017-12-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. |
|
3146 |
CVE-2017-11498 |
119 |
|
DoS Overflow |
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files. |
|
3147 |
CVE-2017-11482 |
601 |
|
|
2017-12-08 |
2017-12-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. |
|
3148 |
CVE-2017-11480 |
284 |
|
DoS |
2017-12-08 |
2017-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic. |
|
3149 |
CVE-2017-11469 |
22 |
|
Dir. Trav. |
2017-07-20 |
2017-07-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. |
|
3150 |
CVE-2017-11468 |
399 |
|
DoS |
2017-07-20 |
2017-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. |
