| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
4601 |
CVE-2017-18442 |
77 |
|
Exec Code |
2019-08-02 |
2019-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). |
|
4602 |
CVE-2017-18431 |
20 |
|
|
2019-08-02 |
2019-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). |
|
4603 |
CVE-2017-18414 |
601 |
|
|
2019-08-02 |
2019-08-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). |
|
4604 |
CVE-2017-18407 |
347 |
|
|
2019-08-02 |
2019-08-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). |
|
4605 |
CVE-2017-18406 |
89 |
|
Sql |
2019-08-02 |
2019-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). |
|
4606 |
CVE-2017-18398 |
20 |
|
|
2019-08-02 |
2019-08-13 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). |
|
4607 |
CVE-2017-18380 |
284 |
|
|
2019-07-30 |
2019-08-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. |
|
4608 |
CVE-2017-18367 |
20 |
|
Bypass |
2019-04-24 |
2019-05-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. |
|
4609 |
CVE-2017-18361 |
835 |
|
DoS |
2019-02-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. |
|
4610 |
CVE-2017-18354 |
22 |
|
Dir. Trav. File Inclusion |
2018-12-17 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. |
|
4611 |
CVE-2017-18353 |
|
|
|
2018-12-17 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application. |
|
4612 |
CVE-2017-18345 |
200 |
|
+Info |
2018-08-26 |
2018-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request. |
|
4613 |
CVE-2017-18313 |
|
|
|
2018-10-23 |
2019-10-02 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
Complete |
None |
|
Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617. |
|
4614 |
CVE-2017-18265 |
|
|
DoS |
2018-05-09 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module. |
|
4615 |
CVE-2017-18263 |
22 |
|
Dir. Trav. |
2018-04-27 |
2018-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. |
|
4616 |
CVE-2017-18262 |
601 |
|
|
2018-04-30 |
2018-06-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. |
|
4617 |
CVE-2017-18239 |
|
|
|
2018-03-17 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests. |
|
4618 |
CVE-2017-18227 |
295 |
|
|
2018-03-12 |
2018-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature. |
|
4619 |
CVE-2017-18214 |
400 |
|
DoS |
2018-03-04 |
2018-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. |
|
4620 |
CVE-2017-18195 |
20 |
|
|
2018-02-26 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. |
|
4621 |
CVE-2017-18192 |
200 |
|
+Info |
2018-02-20 |
2018-03-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN. |
|
4622 |
CVE-2017-18190 |
290 |
|
Exec Code |
2018-02-16 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). |
|
4623 |
CVE-2017-18189 |
476 |
|
|
2018-02-15 |
2019-08-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. |
|
4624 |
CVE-2017-18178 |
601 |
|
|
2018-02-12 |
2018-03-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. |
|
4625 |
CVE-2017-18143 |
|
|
|
2018-04-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, on a secure device, PD dumps are collected when debugging is not enabled. |
|
4626 |
CVE-2017-18126 |
|
|
|
2018-04-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy. |
|
4627 |
CVE-2017-18125 |
384 |
|
|
2018-04-11 |
2018-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only. |
|
4628 |
CVE-2017-18111 |
611 |
|
|
2019-03-29 |
2019-04-01 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. |
|
4629 |
CVE-2017-18109 |
601 |
|
|
2019-03-29 |
2019-04-01 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. |
|
4630 |
CVE-2017-18095 |
863 |
|
|
2018-02-19 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability. |
|
4631 |
CVE-2017-18077 |
20 |
|
DoS |
2018-01-27 |
2018-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. |
|
4632 |
CVE-2017-18076 |
|
|
|
2018-01-26 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. |
|
4633 |
CVE-2017-18073 |
668 |
|
|
2018-04-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory. |
|
4634 |
CVE-2017-18072 |
200 |
|
+Info |
2018-04-11 |
2018-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported. |
|
4635 |
CVE-2017-18060 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
4636 |
CVE-2017-18059 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read. |
|
4637 |
CVE-2017-18058 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read. |
|
4638 |
CVE-2017-18057 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
4639 |
CVE-2017-18053 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
4640 |
CVE-2017-18052 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
4641 |
CVE-2017-18051 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
4642 |
CVE-2017-18038 |
22 |
|
Dir. Trav. |
2018-02-02 |
2018-02-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. |
|
4643 |
CVE-2017-18021 |
338 |
|
|
2018-01-05 |
2018-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI. |
|
4644 |
CVE-2017-18016 |
346 |
|
Bypass +Info |
2018-01-11 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). |
|
4645 |
CVE-2017-18009 |
125 |
|
|
2018-01-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. |
|
4646 |
CVE-2017-17997 |
476 |
|
|
2017-12-30 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. |
|
4647 |
CVE-2017-17992 |
22 |
|
Dir. Trav. |
2017-12-29 |
2018-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. |
|
4648 |
CVE-2017-17974 |
|
|
+Info |
2017-12-29 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. |
|
4649 |
CVE-2017-17952 |
20 |
|
|
2017-12-28 |
2018-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. |
|
4650 |
CVE-2017-17935 |
125 |
|
DoS |
2017-12-27 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. |
