CVE List - 2017 / November
Showing 501 - 600 of 1066 CVEs for November 2017 (Page 6 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-16777 | 2017-11-16 | If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo... |
| CVE-2017-16844 | 2017-11-16 | Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code... |
| CVE-2017-16846 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. |
| CVE-2017-16847 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. |
| CVE-2017-16848 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. |
| CVE-2017-16849 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. |
| CVE-2017-16850 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. |
| CVE-2017-16851 | 2017-11-16 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. |
| CVE-2017-16852 | 2017-11-16 | shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as... |
| CVE-2017-16853 | 2017-11-16 | The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature... |
| CVE-2017-1086 | 2017-11-16 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not... |
| CVE-2017-1087 | 2017-11-16 | In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory... |
| CVE-2017-1088 | 2017-11-16 | In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled... |
| CVE-2017-14028 | 2017-11-16 | A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior,... |
| CVE-2017-16715 | 2017-11-16 | An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior,... |
| CVE-2017-16719 | 2017-11-16 | An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and... |
| CVE-2017-16843 | 2017-11-16 | Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. |
| CVE-2017-16866 | 2017-11-16 | dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. |
| CVE-2017-16867 | 2017-11-16 | Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house... |
| CVE-2017-4930 | 2017-11-16 | VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation... |
| CVE-2017-4931 | 2017-11-16 | VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of... |
| CVE-2017-4932 | 2017-11-16 | VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege.... |
| CVE-2017-0866 | 2017-11-16 | An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could... |
| CVE-2017-0909 | 2017-11-16 | The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. |
| CVE-2017-11012 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a... |
| CVE-2017-11013 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while... |
| CVE-2017-11014 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor... |
| CVE-2017-11015 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which... |
| CVE-2017-11017 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible... |
| CVE-2017-11018 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera... |
| CVE-2017-11022 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information... |
| CVE-2017-11023 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to... |
| CVE-2017-11024 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can... |
| CVE-2017-11025 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory... |
| CVE-2017-11026 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method... |
| CVE-2017-11027 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being... |
| CVE-2017-11028 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary... |
| CVE-2017-11029 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module... |
| CVE-2017-11032 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate... |
| CVE-2017-11035 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies"... |
| CVE-2017-11038 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be... |
| CVE-2017-11058 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer... |
| CVE-2017-11073 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user... |
| CVE-2017-11085 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to... |
| CVE-2017-11089 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space... |
| CVE-2017-11090 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space... |
| CVE-2017-11091 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free... |
| CVE-2017-11092 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free... |
| CVE-2017-11093 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an... |
| CVE-2017-15516 | 2017-11-16 | NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. |
| CVE-2017-8279 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can... |
| CVE-2017-9690 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check... |
| CVE-2017-9696 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable... |
| CVE-2017-9701 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur,... |
| CVE-2017-9702 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. |
| CVE-2017-9719 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur... |
| CVE-2017-9721 | 2017-11-16 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while... |
| CVE-2017-0830 | 2017-11-16 | An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. |
| CVE-2017-0831 | 2017-11-16 | An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941. |
| CVE-2017-0832 | 2017-11-16 | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820. |
| CVE-2017-0833 | 2017-11-16 | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384. |
| CVE-2017-0834 | 2017-11-16 | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953. |
| CVE-2017-0835 | 2017-11-16 | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832. |
| CVE-2017-0836 | 2017-11-16 | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226. |
| CVE-2017-0838 | 2017-11-16 | An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818. |
| CVE-2017-0839 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003. |
| CVE-2017-0840 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670. |
| CVE-2017-0841 | 2017-11-16 | A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. |
| CVE-2017-0842 | 2017-11-16 | An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513. |
| CVE-2017-0843 | 2017-11-16 | An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488. |
| CVE-2017-0845 | 2017-11-16 | A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. |
| CVE-2017-0847 | 2017-11-16 | An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. |
| CVE-2017-0848 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. |
| CVE-2017-0849 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. |
| CVE-2017-0850 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. |
| CVE-2017-0851 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570. |
| CVE-2017-0852 | 2017-11-16 | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506. |
| CVE-2017-0853 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644. |
| CVE-2017-0854 | 2017-11-16 | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837. |
| CVE-2017-0857 | 2017-11-16 | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. |
| CVE-2017-0858 | 2017-11-16 | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894. |
| CVE-2017-0859 | 2017-11-16 | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131. |
| CVE-2017-0860 | 2017-11-16 | An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064. |
| CVE-2017-0861 | 2017-11-16 | Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. |
| CVE-2017-0862 | 2017-11-16 | An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779. |
| CVE-2017-0863 | 2017-11-16 | An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620. |
| CVE-2017-0864 | 2017-11-16 | An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571. |
| CVE-2017-0865 | 2017-11-16 | An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195. |
| CVE-2017-1000158 | 2017-11-17 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) |
| CVE-2017-1000218 | 2017-11-17 | LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution. |
| CVE-2017-1000219 | 2017-11-17 | npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user |
| CVE-2017-1000224 | 2017-11-17 | CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin |
| CVE-2017-15517 | 2017-11-17 | AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords... |
| CVE-2017-1000174 | 2017-11-17 | In SWFTools, an address access exception was found in swfdump swf_GetBits(). |
| CVE-2017-1000176 | 2017-11-17 | In SWFTools, a memcpy buffer overflow was found in swfc. |
| CVE-2017-1000182 | 2017-11-17 | In SWFTools, a memory leak was found in wav2swf. |
| CVE-2017-1000185 | 2017-11-17 | In SWFTools, a memcpy buffer overflow was found in gif2swf. |
| CVE-2017-1000186 | 2017-11-17 | In SWFTools, a stack overflow was found in pdf2swf. |
| CVE-2017-1000187 | 2017-11-17 | In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF() |
| CVE-2017-1000210 | 2017-11-17 | picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack |