| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
3301 |
CVE-2017-13989 |
284 |
|
|
2017-09-29 |
2017-10-06 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. |
|
3302 |
CVE-2017-13984 |
287 |
|
Dir. Trav. |
2017-09-29 |
2017-10-05 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. |
|
3303 |
CVE-2017-13903 |
371 |
|
|
2017-12-25 |
2017-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. |
|
3304 |
CVE-2017-13888 |
704 |
|
|
2019-01-11 |
2019-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In iOS before 11.2, a type confusion issue was addressed with improved memory handling. |
|
3305 |
CVE-2017-13887 |
320 |
|
|
2019-01-11 |
2019-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. |
|
3306 |
CVE-2017-13878 |
125 |
|
DoS Bypass |
2017-12-25 |
2018-01-21 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash). |
|
3307 |
CVE-2017-13874 |
254 |
|
Bypass |
2017-12-25 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. |
|
3308 |
CVE-2017-13871 |
371 |
|
|
2017-12-25 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient. |
|
3309 |
CVE-2017-13850 |
119 |
|
DoS Overflow Mem. Corr. +Info |
2018-04-03 |
2018-05-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. |
|
3310 |
CVE-2017-13837 |
254 |
|
|
2018-04-03 |
2018-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. |
|
3311 |
CVE-2017-13831 |
200 |
|
DoS +Info |
2017-11-12 |
2017-11-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image. |
|
3312 |
CVE-2017-13820 |
119 |
|
DoS Overflow Mem. Corr. +Info |
2017-11-12 |
2017-11-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font. |
|
3313 |
CVE-2017-13780 |
22 |
|
Dir. Trav. |
2017-08-30 |
2017-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. |
|
3314 |
CVE-2017-13771 |
255 |
|
+Info |
2017-09-07 |
2017-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. |
|
3315 |
CVE-2017-13766 |
787 |
|
|
2017-08-30 |
2017-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. |
|
3316 |
CVE-2017-13765 |
119 |
|
Overflow |
2017-08-30 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. |
|
3317 |
CVE-2017-13764 |
476 |
|
|
2017-08-30 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. |
|
3318 |
CVE-2017-13763 |
399 |
|
|
2017-08-29 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. |
|
3319 |
CVE-2017-13753 |
20 |
|
DoS |
2017-08-29 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function JPC_NOMINALGAIN() in jpc/jpc_t1cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3320 |
CVE-2017-13752 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3321 |
CVE-2017-13751 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3322 |
CVE-2017-13750 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3323 |
CVE-2017-13749 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3324 |
CVE-2017-13748 |
20 |
|
DoS |
2017-08-29 |
2018-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. |
|
3325 |
CVE-2017-13747 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3326 |
CVE-2017-13746 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
|
3327 |
CVE-2017-13745 |
20 |
|
DoS |
2017-08-29 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. |
|
3328 |
CVE-2017-13735 |
20 |
|
DoS |
2017-08-29 |
2017-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. |
|
3329 |
CVE-2017-13712 |
476 |
|
DoS |
2017-08-28 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. |
|
3330 |
CVE-2017-13711 |
416 |
|
DoS |
2017-09-01 |
2018-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. |
|
3331 |
CVE-2017-13710 |
476 |
|
DoS |
2017-08-27 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. |
|
3332 |
CVE-2017-13704 |
20 |
|
|
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. |
|
3333 |
CVE-2017-13702 |
200 |
|
+Info |
2017-11-17 |
2017-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. |
|
3334 |
CVE-2017-13701 |
200 |
|
+Info |
2017-11-23 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. |
|
3335 |
CVE-2017-13699 |
326 |
|
|
2017-11-23 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. |
|
3336 |
CVE-2017-13698 |
320 |
|
|
2017-11-23 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. |
|
3337 |
CVE-2017-13692 |
20 |
|
DoS |
2017-08-25 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. |
|
3338 |
CVE-2017-13677 |
19 |
|
|
2018-04-11 |
2018-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. |
|
3339 |
CVE-2017-13664 |
200 |
|
Exec Code +Info |
2017-12-01 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. |
|
3340 |
CVE-2017-13663 |
200 |
|
+Info |
2017-12-01 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. |
|
3341 |
CVE-2017-13305 |
200 |
|
+Info |
2018-04-04 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. |
|
3342 |
CVE-2017-13304 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999. |
|
3343 |
CVE-2017-13303 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501. |
|
3344 |
CVE-2017-13300 |
20 |
|
DoS |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394. |
|
3345 |
CVE-2017-13299 |
|
|
|
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. |
|
3346 |
CVE-2017-13298 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. |
|
3347 |
CVE-2017-13297 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721. |
|
3348 |
CVE-2017-13296 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454. |
|
3349 |
CVE-2017-13295 |
20 |
|
DoS |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081. |
|
3350 |
CVE-2017-13294 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449. |
