# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-1000410 |
200 |
|
Bypass +Info |
2017-12-07 |
2019-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
2 |
CVE-2017-1000377 |
119 |
|
Overflow Bypass |
2017-06-19 |
2017-07-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). |
3 |
CVE-2017-1000374 |
|
|
Exec Code Bypass |
2017-06-19 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. |
4 |
CVE-2017-1000372 |
|
|
Exec Code Bypass |
2017-06-19 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. |
5 |
CVE-2017-1000365 |
|
|
Bypass |
2017-06-19 |
2023-01-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. |
6 |
CVE-2017-1000364 |
119 |
|
Overflow Bypass |
2017-06-19 |
2018-10-18 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). |
7 |
CVE-2017-1000107 |
|
|
Bypass |
2017-10-05 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection. |
8 |
CVE-2017-1000071 |
287 |
|
Bypass |
2017-07-17 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. |
9 |
CVE-2017-1000052 |
74 |
|
Bypass |
2017-07-17 |
2019-12-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. |
10 |
CVE-2017-1000045 |
352 |
|
Bypass CSRF |
2017-07-17 |
2017-07-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking |
11 |
CVE-2017-1000020 |
287 |
|
Bypass |
2017-07-17 |
2017-08-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." |
12 |
CVE-2017-1000002 |
22 |
|
Exec Code Dir. Trav. Bypass |
2017-07-17 |
2017-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. |
13 |
CVE-2017-17876 |
275 |
|
Bypass |
2017-12-27 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. |
14 |
CVE-2017-17859 |
79 |
|
XSS Bypass +Info |
2017-12-27 |
2018-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. |
15 |
CVE-2017-17794 |
|
|
Bypass |
2017-12-20 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. |
16 |
CVE-2017-17777 |
287 |
|
Bypass |
2017-12-20 |
2018-01-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. |
17 |
CVE-2017-17692 |
200 |
|
Bypass +Info |
2017-12-21 |
2018-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. |
18 |
CVE-2017-17665 |
862 |
|
Bypass |
2017-12-13 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access. |
19 |
CVE-2017-17496 |
284 |
|
Bypass |
2017-12-10 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104. |
20 |
CVE-2017-17461 |
20 |
|
DoS Bypass |
2017-12-07 |
2017-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string. |
21 |
CVE-2017-17450 |
862 |
|
Bypass |
2017-12-07 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. |
22 |
CVE-2017-17448 |
862 |
|
Bypass |
2017-12-07 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. |
23 |
CVE-2017-17434 |
|
|
Bypass |
2017-12-06 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. |
24 |
CVE-2017-17433 |
862 |
|
Bypass |
2017-12-06 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. |
25 |
CVE-2017-17091 |
330 |
|
Bypass |
2017-12-02 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. |
26 |
CVE-2017-17067 |
863 |
|
Bypass |
2017-11-30 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. |
27 |
CVE-2017-16935 |
20 |
|
Bypass |
2017-11-24 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request. |
28 |
CVE-2017-16908 |
79 |
|
Exec Code XSS Bypass CSRF |
2017-11-20 |
2020-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. |
29 |
CVE-2017-16857 |
362 |
|
Bypass |
2017-12-05 |
2019-10-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket. |
30 |
CVE-2017-16798 |
79 |
|
XSS Bypass |
2017-11-12 |
2019-11-21 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. |
31 |
CVE-2017-16776 |
|
|
Bypass |
2017-12-15 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users. |
32 |
CVE-2017-16636 |
79 |
|
+Priv XSS Bypass |
2017-11-06 |
2017-11-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. |
33 |
CVE-2017-16634 |
287 |
|
Bypass |
2017-11-10 |
2017-11-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. |
34 |
CVE-2017-16613 |
287 |
|
Bypass |
2017-11-21 |
2017-12-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. |
35 |
CVE-2017-16570 |
352 |
|
Bypass CSRF |
2017-11-06 |
2018-01-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. |
36 |
CVE-2017-16562 |
287 |
|
Bypass |
2017-11-10 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. |
37 |
CVE-2017-16541 |
200 |
|
Bypass +Info |
2017-11-04 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. |
38 |
CVE-2017-16380 |
|
|
Bypass |
2017-12-09 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. |
39 |
CVE-2017-16369 |
200 |
|
Bypass +Info |
2017-12-09 |
2017-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc. |
40 |
CVE-2017-16366 |
|
|
Bypass |
2017-12-09 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. |
41 |
CVE-2017-16361 |
|
|
Bypass |
2017-12-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. |
42 |
CVE-2017-16244 |
352 |
|
Bypass CSRF |
2017-11-01 |
2020-08-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable. |
43 |
CVE-2017-16239 |
|
|
Bypass |
2017-11-14 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. |
44 |
CVE-2017-15994 |
354 |
|
Bypass |
2017-10-29 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. |
45 |
CVE-2017-15974 |
89 |
|
Sql Bypass |
2017-10-29 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. |
46 |
CVE-2017-15911 |
79 |
|
Exec Code XSS Bypass CSRF |
2017-10-26 |
2017-11-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. |
47 |
CVE-2017-15896 |
|
|
Bypass |
2017-12-11 |
2022-08-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. |
48 |
CVE-2017-15639 |
611 |
|
Bypass |
2017-10-19 |
2017-11-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. |
49 |
CVE-2017-15638 |
|
|
Bypass |
2017-11-10 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. |
50 |
CVE-2017-15524 |
|
|
Bypass |
2017-12-19 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. |