| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
4501 |
CVE-2017-13134 |
119 |
|
DoS Overflow |
2017-08-22 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. |
|
4502 |
CVE-2017-13132 |
20 |
|
DoS |
2017-08-22 |
2017-11-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. |
|
4503 |
CVE-2017-13131 |
399 |
|
DoS |
2017-08-22 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. |
|
4504 |
CVE-2017-13105 |
295 |
|
|
2018-08-15 |
2018-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker. |
|
4505 |
CVE-2017-13099 |
310 |
|
|
2017-12-12 |
2018-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." |
|
4506 |
CVE-2017-13098 |
310 |
|
|
2017-12-12 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." |
|
4507 |
CVE-2017-13097 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4508 |
CVE-2017-13096 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4509 |
CVE-2017-13095 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4510 |
CVE-2017-13094 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4511 |
CVE-2017-13093 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4512 |
CVE-2017-13092 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4513 |
CVE-2017-13091 |
310 |
|
|
2018-07-13 |
2018-09-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. |
|
4514 |
CVE-2017-13073 |
79 |
|
XSS |
2018-04-23 |
2018-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. |
|
4515 |
CVE-2017-13072 |
79 |
|
XSS |
2018-06-21 |
2018-08-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. |
|
4516 |
CVE-2017-13066 |
119 |
|
Overflow |
2017-08-22 |
2017-08-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. |
|
4517 |
CVE-2017-13065 |
476 |
|
|
2017-08-22 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. |
|
4518 |
CVE-2017-13064 |
119 |
|
Overflow |
2017-08-22 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. |
|
4519 |
CVE-2017-13063 |
119 |
|
Overflow |
2017-08-22 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. |
|
4520 |
CVE-2017-13062 |
119 |
|
DoS Overflow |
2017-08-22 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. |
|
4521 |
CVE-2017-13061 |
20 |
|
DoS |
2017-08-22 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. |
|
4522 |
CVE-2017-13060 |
119 |
|
DoS Overflow |
2017-08-22 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. |
|
4523 |
CVE-2017-13059 |
119 |
|
DoS Overflow |
2017-08-22 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. |
|
4524 |
CVE-2017-13058 |
119 |
|
DoS Overflow |
2017-08-22 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. |
|
4525 |
CVE-2017-12984 |
79 |
|
XSS |
2017-08-21 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. |
|
4526 |
CVE-2017-12982 |
119 |
|
DoS Overflow |
2017-08-21 |
2017-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. |
|
4527 |
CVE-2017-12980 |
79 |
|
XSS |
2017-08-21 |
2017-08-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. |
|
4528 |
CVE-2017-12979 |
79 |
|
Exec Code XSS |
2017-08-21 |
2017-08-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. |
|
4529 |
CVE-2017-12973 |
310 |
|
|
2017-08-20 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. |
|
4530 |
CVE-2017-12971 |
79 |
|
XSS |
2017-08-23 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. |
|
4531 |
CVE-2017-12967 |
119 |
|
DoS Overflow |
2017-08-19 |
2018-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. |
|
4532 |
CVE-2017-12966 |
119 |
|
DoS Overflow |
2017-08-20 |
2017-08-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. |
|
4533 |
CVE-2017-12957 |
119 |
|
DoS Overflow |
2017-08-18 |
2017-08-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. |
|
4534 |
CVE-2017-12956 |
125 |
|
DoS |
2017-08-18 |
2017-08-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. |
|
4535 |
CVE-2017-12954 |
125 |
|
DoS |
2017-08-28 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. |
|
4536 |
CVE-2017-12953 |
787 |
|
DoS |
2017-08-28 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. |
|
4537 |
CVE-2017-12952 |
476 |
|
DoS |
2017-08-28 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |
|
4538 |
CVE-2017-12951 |
119 |
|
DoS Overflow |
2017-08-28 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file. |
|
4539 |
CVE-2017-12950 |
476 |
|
DoS |
2017-08-28 |
2017-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |
|
4540 |
CVE-2017-12948 |
79 |
|
XSS |
2017-08-18 |
2017-08-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. |
|
4541 |
CVE-2017-12927 |
79 |
|
XSS |
2017-08-17 |
2017-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. |
|
4542 |
CVE-2017-12925 |
415 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. |
|
4543 |
CVE-2017-12924 |
369 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. |
|
4544 |
CVE-2017-12923 |
476 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
|
4545 |
CVE-2017-12922 |
476 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
|
4546 |
CVE-2017-12921 |
476 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
|
4547 |
CVE-2017-12920 |
476 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
|
4548 |
CVE-2017-12919 |
119 |
|
DoS Overflow |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. |
|
4549 |
CVE-2017-12912 |
119 |
|
Overflow |
2017-09-07 |
2017-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. |
|
4550 |
CVE-2017-12911 |
119 |
|
Overflow Mem. Corr. |
2017-09-07 |
2017-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. |
