| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2017-1002100 | 200 | | +Info | 2017-09-14 | 2017-09-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. |
| 2 | CVE-2017-1000410 | 200 | | Bypass +Info | 2017-12-07 | 2019-04-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs), the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
| 3 | CVE-2017-1000383 | 200 | | +Info | 2017-10-31 | 2017-11-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. |
| 4 | CVE-2017-1000382 | 200 | | +Info | 2017-10-31 | 2017-11-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. |
| 5 | CVE-2017-1000381 | 200 | | +Info | 2017-07-07 | 2022-08-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed-in DNS response packet was crafted in a particular way. |
| 6 | CVE-2017-1000380 | 200 | | +Info | 2017-06-17 | 2017-12-06 | 2.1 | None | Local | Low | Not required | Partial | None | None | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver, resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. |
| 7 | CVE-2017-1000362 | 200 | | +Info | 2017-07-17 | 2017-07-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. |
| 8 | CVE-2017-1000250 | 200 | | +Info | 2017-09-12 | 2018-02-17 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. |
| 9 | CVE-2017-1000242 | 200 | | +Info | 2017-11-01 | 2017-11-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure. |
| 10 | CVE-2017-1000234 | 200 | | +Info | 2017-11-17 | 2017-11-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in jqueryFileTree.php, resulting in an attacker enumerating directories simply by navigating through the "dir" parameter. |
| 11 | CVE-2017-1000226 | 200 | | +Info | 2017-11-17 | 2017-12-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Stop User Enumeration 1.3.8 allows user enumeration via the REST API. |
| 12 | CVE-2017-1000199 | 200 | | +Info | 2017-11-17 | 2017-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so, resulting in non-privileged users being able to check for the existence of any file with root privileges. |
| 13 | CVE-2017-1000157 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. |
| 14 | CVE-2017-1000155 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks, consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages. |
| 15 | CVE-2017-1000151 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters and ending up in an error log. |
| 16 | CVE-2017-1000143 | 200 | | +Info | 2017-11-03 | 2017-11-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. |
| 17 | CVE-2017-1000133 | 200 | | +Info | 2017-11-03 | 2017-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages. |
| 18 | CVE-2017-1000114 | 200 | | XSS +Info | 2017-10-05 | 2017-10-17 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key, for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form. |
| 19 | CVE-2017-1000113 | 200 | | +Info | 2017-10-05 | 2019-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords. |
| 20 | CVE-2017-1000108 | 200 | | +Info | 2017-10-05 | 2017-11-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. |
| 21 | CVE-2017-1000100 | 200 | | +Info | 2017-10-05 | 2018-11-13 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too-large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap-based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it into sending private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS. |
| 22 | CVE-2017-1000099 | 200 | | +Info | 2017-10-05 | 2017-11-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | When asked to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provided callback), which could lead to other private data from the heap being inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap, and if it turned out not to contain any zero byte, it would continue and display the data following that buffer in memory. |
| 23 | CVE-2017-1000094 | 200 | | +Info | 2017-10-05 | 2017-10-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. |
| 24 | CVE-2017-1000087 | 200 | | +Info | 2017-10-05 | 2017-11-02 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. |
| 25 | CVE-2017-1000029 | 200 | | +Info File Inclusion | 2017-07-17 | 2017-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to a Local File Inclusion vulnerability that makes it possible to include arbitrary files on the server; this vulnerability can be exploited without any prior authentication. |
| 26 | CVE-2017-1000025 | 200 | | +Info | 2017-07-17 | 2017-08-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. |
| 27 | CVE-2017-1000007 | 200 | | +Info | 2017-07-17 | 2017-08-04 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | txAWS (all current versions) fails to perform complete certificate verification, resulting in vulnerability to MitM attacks and information disclosure. |
| 28 | CVE-2017-17974 | | | +Info | 2017-12-29 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. |
| 29 | CVE-2017-17927 | 22 | | Dir. Trav. +Info | 2017-12-27 | 2018-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. |
| 30 | CVE-2017-17926 | 200 | | +Info | 2017-12-27 | 2018-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | PHP Scripts Mall Professional Service Script has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. |
| 31 | CVE-2017-17924 | 22 | | Dir. Trav. +Info | 2017-12-27 | 2018-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. |
| 32 | CVE-2017-17910 | 330 | | +Info | 2017-12-29 | 2019-10-03 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices. |
| 33 | CVE-2017-17898 | 200 | | +Info | 2017-12-27 | 2022-11-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. |
| 34 | CVE-2017-17864 | 200 | | +Info | 2017-12-27 | 2018-01-13 | 2.1 | None | Local | Low | Not required | Partial | None | None | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." |
| 35 | CVE-2017-17859 | 79 | | XSS Bypass +Info | 2017-12-27 | 2018-01-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. |
| 36 | CVE-2017-17793 | 200 | | +Info | 2017-12-20 | 2018-01-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). |
| 37 | CVE-2017-17776 | 200 | | +Info | 2017-12-20 | 2018-01-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. |
| 38 | CVE-2017-17759 | | | DoS +Info | 2017-12-19 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service). |
| 39 | CVE-2017-17741 | 125 | | +Info | 2017-12-18 | 2018-04-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. |
| 40 | CVE-2017-17735 | 200 | | +Info | 2017-12-18 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. |
| 41 | CVE-2017-17734 | 200 | | +Info | 2017-12-18 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. |
| 42 | CVE-2017-17696 | 200 | | +Info | 2017-12-15 | 2017-12-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. |
| 43 | CVE-2017-17692 | 200 | | Bypass +Info | 2017-12-21 | 2018-01-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. |
| 44 | CVE-2017-17568 | 732 | | +Info | 2017-12-13 | 2019-10-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. |
| 45 | CVE-2017-17556 | 200 | | +Info | 2017-12-15 | 2018-01-05 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. |
| 46 | CVE-2017-17549 | 200 | | +Info | 2017-12-13 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. |
| 47 | CVE-2017-17476 | 200 | | +Priv +Info | 2017-12-20 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. |
| 48 | CVE-2017-17463 | 200 | | +Info | 2017-12-07 | 2017-12-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by the ssid and psk_wepkey fields. |
| 49 | CVE-2017-17449 | 200 | | +Info | 2017-12-07 | 2018-05-31 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. |
| 50 | CVE-2017-17104 | 200 | | +Info | 2017-12-04 | 2017-12-15 | 7.8 | None | Remote | Low | Not required | Complete | None | None | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. |