| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1001004 |
20 |
|
Exec Code |
2017-11-27 |
2017-12-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
|
2 |
CVE-2017-1001002 |
94 |
|
Exec Code |
2017-11-27 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
|
3 |
CVE-2017-1000378 |
399 |
|
Exec Code |
2017-06-19 |
2017-06-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. |
|
4 |
CVE-2017-1000376 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2017-11-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. |
|
5 |
CVE-2017-1000375 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2017-08-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions. |
|
6 |
CVE-2017-1000374 |
284 |
|
Exec Code Bypass |
2017-06-19 |
2017-06-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. |
|
7 |
CVE-2017-1000373 |
400 |
|
Exec Code |
2017-06-19 |
2017-10-23 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. |
|
8 |
CVE-2017-1000372 |
284 |
|
Exec Code Bypass |
2017-06-19 |
2017-06-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. |
|
9 |
CVE-2017-1000369 |
264 |
|
Exec Code |
2017-06-19 |
2017-11-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. |
|
10 |
CVE-2017-1000368 |
20 |
|
Exec Code |
2017-06-05 |
2018-10-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. |
|
11 |
CVE-2017-1000367 |
20 |
|
Exec Code |
2017-06-05 |
2018-10-31 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. |
|
12 |
CVE-2017-1000366 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
|
13 |
CVE-2017-1000251 |
119 |
|
Exec Code Overflow |
2017-09-12 |
2018-02-16 |
8.3 |
Admin |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. |
|
14 |
CVE-2017-1000229 |
190 |
|
DoS Exec Code Overflow |
2017-11-17 |
2018-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. |
|
15 |
CVE-2017-1000228 |
20 |
|
Exec Code |
2017-11-16 |
2017-11-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function |
|
16 |
CVE-2017-1000220 |
77 |
|
Exec Code |
2017-11-16 |
2017-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution |
|
17 |
CVE-2017-1000219 |
77 |
|
Exec Code |
2017-11-16 |
2017-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user |
|
18 |
CVE-2017-1000218 |
119 |
|
DoS Exec Code Overflow |
2017-11-16 |
2017-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution. |
|
19 |
CVE-2017-1000217 |
74 |
|
Exec Code |
2017-11-17 |
2018-08-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. |
|
20 |
CVE-2017-1000215 |
77 |
|
Exec Code |
2017-11-17 |
2017-12-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution |
|
21 |
CVE-2017-1000212 |
264 |
|
Exec Code |
2017-11-17 |
2017-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code. |
|
22 |
CVE-2017-1000210 |
119 |
|
DoS Exec Code Overflow |
2017-11-16 |
2017-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack |
|
23 |
CVE-2017-1000208 |
17 |
|
Exec Code |
2017-11-16 |
2017-12-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. |
|
24 |
CVE-2017-1000207 |
17 |
|
Exec Code |
2017-11-27 |
2017-12-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. |
|
25 |
CVE-2017-1000206 |
119 |
|
Exec Code Overflow |
2017-11-17 |
2017-12-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution |
|
26 |
CVE-2017-1000203 |
77 |
|
Exec Code |
2017-11-17 |
2017-12-04 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution |
|
27 |
CVE-2017-1000196 |
94 |
|
Exec Code |
2017-11-16 |
2017-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. |
|
28 |
CVE-2017-1000193 |
79 |
|
Exec Code XSS |
2017-11-16 |
2017-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. |
|
29 |
CVE-2017-1000173 |
119 |
|
Exec Code Overflow |
2017-11-16 |
2017-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow. |
|
30 |
CVE-2017-1000172 |
416 |
|
Exec Code |
2017-11-16 |
2017-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition. |
|
31 |
CVE-2017-1000169 |
20 |
|
Exec Code |
2017-11-17 |
2017-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB. |
|
32 |
CVE-2017-1000164 |
79 |
|
Exec Code XSS |
2017-11-17 |
2017-11-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation |
|
33 |
CVE-2017-1000158 |
119 |
|
Exec Code Overflow |
2017-11-17 |
2018-10-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) |
|
34 |
CVE-2017-1000148 |
94 |
|
Exec Code |
2017-11-03 |
2017-11-13 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file. |
|
35 |
CVE-2017-1000140 |
79 |
|
Exec Code XSS |
2017-11-03 |
2017-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file. |
|
36 |
CVE-2017-1000132 |
79 |
|
Exec Code XSS |
2017-11-03 |
2017-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file. |
|
37 |
CVE-2017-1000120 |
89 |
|
Exec Code Sql |
2017-10-04 |
2017-10-13 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. |
|
38 |
CVE-2017-1000119 |
434 |
|
Exec Code |
2017-10-04 |
2017-10-25 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. |
|
39 |
CVE-2017-1000096 |
284 |
|
Exec Code |
2017-10-04 |
2017-10-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. |
|
40 |
CVE-2017-1000083 |
77 |
|
Exec Code |
2017-09-05 |
2018-11-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. |
|
41 |
CVE-2017-1000081 |
|
|
Exec Code |
2017-07-17 |
2018-01-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. |
|
42 |
CVE-2017-1000073 |
119 |
|
Exec Code Overflow |
2017-07-17 |
2017-07-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. |
|
43 |
CVE-2017-1000062 |
22 |
|
Exec Code Dir. Trav. |
2017-07-17 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution |
|
44 |
CVE-2017-1000059 |
79 |
|
Exec Code XSS |
2017-07-17 |
2017-07-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. |
|
45 |
CVE-2017-1000053 |
502 |
|
Exec Code |
2017-07-17 |
2017-08-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. |
|
46 |
CVE-2017-1000047 |
22 |
|
Exec Code Dir. Trav. |
2017-07-17 |
2017-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution |
|
47 |
CVE-2017-1000039 |
20 |
|
Exec Code |
2017-07-17 |
2017-07-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution |
|
48 |
CVE-2017-1000037 |
77 |
|
Exec Code |
2017-07-17 |
2017-08-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution |
|
49 |
CVE-2017-1000036 |
79 |
|
Exec Code XSS |
2017-07-17 |
2017-07-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
All versions of Candy Chat are vulnerable to an XSS attack by message senders, permitting remote code execution within the page |
|
50 |
CVE-2017-1000034 |
502 |
|
Exec Code |
2017-07-17 |
2017-08-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. |
