typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
Source: DWF
Max CVSS
8.8
EPSS Score
1.78%
Published
2017-11-27
Updated
2019-10-09
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
Source: DWF
Max CVSS
9.8
EPSS Score
0.22%
Published
2017-11-27
Updated
2019-10-09
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
Source: DWF
Max CVSS
9.8
EPSS Score
0.33%
Published
2017-11-27
Updated
2019-10-09
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
Source: DWF
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-11-01
Updated
2017-11-18
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Source: MITRE
Max CVSS
7.5
EPSS Score
0.09%
Published
2017-11-30
Updated
2017-12-20
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
Source: MITRE
Max CVSS
7.0
EPSS Score
0.18%
Published
2017-11-30
Updated
2023-06-26
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
Source: MITRE
Max CVSS
9.8
EPSS Score
0.21%
Published
2017-11-17
Updated
2017-12-04
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.07%
Published
2017-11-17
Updated
2017-12-04
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.07%
Published
2017-11-17
Updated
2019-10-03
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-11-01
Updated
2019-10-03
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
Source: MITRE
Max CVSS
8.8
EPSS Score
0.08%
Published
2017-11-01
Updated
2019-05-22
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
Source: MITRE
Max CVSS
4.3
EPSS Score
0.05%
Published
2017-11-01
Updated
2020-08-24
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure
Source: MITRE
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-11-01
Updated
2017-11-25
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.
Source: MITRE
Max CVSS
8.1
EPSS Score
0.32%
Published
2017-11-17
Updated
2019-10-03
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.15%
Published
2017-11-17
Updated
2017-11-30
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-17
Updated
2017-11-29
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-11-17
Updated
2017-11-30
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-11-17
Updated
2017-11-29
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.10%
Published
2017-11-17
Updated
2017-11-29
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.38%
Published
2017-11-17
Updated
2017-11-29
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter
Source: MITRE
Max CVSS
5.3
EPSS Score
0.10%
Published
2017-11-17
Updated
2017-11-29
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-11-17
Updated
2020-04-01
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.38%
Published
2017-11-17
Updated
2018-02-04
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.09%
Published
2017-11-17
Updated
2017-12-02
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.16%
Published
2017-11-17
Updated
2019-05-06
1066 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!