| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1002153 |
20 |
|
|
2017-10-06 |
2017-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. |
|
2 |
CVE-2017-1002151 |
285 |
|
|
2017-09-14 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization |
|
3 |
CVE-2017-1002150 |
601 |
|
CSRF |
2017-09-14 |
2017-09-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection |
|
4 |
CVE-2017-1002100 |
200 |
|
+Info |
2017-09-14 |
2017-09-29 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. |
|
5 |
CVE-2017-1002028 |
89 |
|
Sql |
2017-09-14 |
2017-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. |
|
6 |
CVE-2017-1002027 |
89 |
|
Sql |
2017-09-14 |
2017-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. |
|
7 |
CVE-2017-1002026 |
89 |
|
Sql |
2017-09-14 |
2017-09-20 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. |
|
8 |
CVE-2017-1002025 |
89 |
|
Sql |
2017-09-14 |
2017-09-21 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. |
|
9 |
CVE-2017-1002024 |
284 |
|
|
2017-09-14 |
2017-09-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. |
|
10 |
CVE-2017-1002023 |
89 |
|
Sql |
2017-09-14 |
2017-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php |
|
11 |
CVE-2017-1002022 |
89 |
|
Sql |
2017-09-14 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. |
|
12 |
CVE-2017-1002021 |
89 |
|
Sql |
2017-09-14 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. |
|
13 |
CVE-2017-1002020 |
89 |
|
Sql |
2017-09-14 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. |
|
14 |
CVE-2017-1002019 |
89 |
|
Sql |
2017-09-14 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. |
|
15 |
CVE-2017-1002018 |
89 |
|
Sql |
2017-09-14 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. |
|
16 |
CVE-2017-1002017 |
79 |
|
XSS |
2017-09-14 |
2017-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. |
|
17 |
CVE-2017-1002016 |
434 |
|
|
2017-09-14 |
2017-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. |
|
18 |
CVE-2017-1002015 |
89 |
|
Sql |
2017-09-14 |
2017-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. |
|
19 |
CVE-2017-1002014 |
89 |
|
Sql |
2017-09-14 |
2017-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. |
|
20 |
CVE-2017-1002013 |
89 |
|
Sql |
2017-09-14 |
2017-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. |
|
21 |
CVE-2017-1002012 |
20 |
|
|
2017-09-14 |
2017-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. |
|
22 |
CVE-2017-1002011 |
79 |
|
XSS |
2017-09-14 |
2017-09-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. |
|
23 |
CVE-2017-1002010 |
89 |
|
Sql |
2017-09-14 |
2017-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. |
|
24 |
CVE-2017-1002009 |
89 |
|
Sql |
2017-09-14 |
2017-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. |
|
25 |
CVE-2017-1002008 |
434 |
|
|
2017-09-14 |
2017-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. |
|
26 |
CVE-2017-1002007 |
285 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. |
|
27 |
CVE-2017-1002006 |
285 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. |
|
28 |
CVE-2017-1002005 |
20 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. |
|
29 |
CVE-2017-1002004 |
20 |
|
|
2017-09-14 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. |
|
30 |
CVE-2017-1002003 |
434 |
|
|
2017-09-14 |
2017-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. |
|
31 |
CVE-2017-1002002 |
434 |
|
|
2017-09-14 |
2017-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ |
|
32 |
CVE-2017-1002001 |
434 |
|
|
2017-09-14 |
2017-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. |
|
33 |
CVE-2017-1002000 |
434 |
|
|
2017-09-14 |
2017-09-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. |
|
34 |
CVE-2017-1001004 |
20 |
|
Exec Code |
2017-11-27 |
2017-12-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
|
35 |
CVE-2017-1001003 |
20 |
|
|
2017-11-27 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. |
|
36 |
CVE-2017-1001002 |
94 |
|
Exec Code |
2017-11-27 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
|
37 |
CVE-2017-1001001 |
79 |
|
XSS |
2017-11-01 |
2017-11-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. |
|
38 |
CVE-2017-1001000 |
264 |
|
|
2017-04-02 |
2017-07-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI. |
|
39 |
CVE-2017-1000410 |
200 |
|
Bypass +Info |
2017-12-07 |
2018-05-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). |
|
40 |
CVE-2017-1000407 |
754 |
|
DoS |
2017-12-11 |
2018-04-24 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. |
|
41 |
CVE-2017-1000406 |
254 |
|
|
2017-11-30 |
2017-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). |
|
42 |
CVE-2017-1000405 |
362 |
|
|
2017-11-30 |
2018-02-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. |
|
43 |
CVE-2017-1000385 |
310 |
|
|
2017-12-12 |
2018-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). |
|
44 |
CVE-2017-1000383 |
200 |
|
+Info |
2017-10-31 |
2017-11-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. |
|
45 |
CVE-2017-1000382 |
200 |
|
+Info |
2017-10-31 |
2017-11-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. |
|
46 |
CVE-2017-1000381 |
200 |
|
+Info |
2017-07-07 |
2017-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. |
|
47 |
CVE-2017-1000380 |
200 |
|
+Info |
2017-06-17 |
2017-12-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. |
|
48 |
CVE-2017-1000379 |
264 |
|
|
2017-06-19 |
2018-01-04 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. |
|
49 |
CVE-2017-1000378 |
399 |
|
Exec Code |
2017-06-19 |
2017-06-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. |
|
50 |
CVE-2017-1000377 |
119 |
|
Overflow Bypass |
2017-06-19 |
2017-07-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). |
