CVE List - 2017 / November
Showing 601 - 700 of 1066 CVEs for November 2017 (Page 7 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-1000213 | 2017-11-17 | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search |
| CVE-2017-1000220 | 2017-11-17 | soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution |
| CVE-2017-1000198 | 2017-11-17 | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service |
| CVE-2017-1000199 | 2017-11-17 | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. |
| CVE-2017-1000200 | 2017-11-17 | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service |
| CVE-2017-1000201 | 2017-11-17 | The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack |
| CVE-2017-1000208 | 2017-11-17 | A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the... |
| CVE-2017-1000193 | 2017-11-17 | October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. |
| CVE-2017-1000194 | 2017-11-17 | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. |
| CVE-2017-1000195 | 2017-11-17 | October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. |
| CVE-2017-1000196 | 2017-11-17 | October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. |
| CVE-2017-1000197 | 2017-11-17 | October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server. |
| CVE-2017-1000209 | 2017-11-17 | The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which... |
| CVE-2017-1000188 | 2017-11-17 | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection |
| CVE-2017-1000189 | 2017-11-17 | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() |
| CVE-2017-1000228 | 2017-11-17 | nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function |
| CVE-2017-1000172 | 2017-11-17 | Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access... |
| CVE-2017-1000173 | 2017-11-17 | Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that... |
| CVE-2017-1000238 | 2017-11-17 | InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to... |
| CVE-2017-1000239 | 2017-11-17 | InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser... |
| CVE-2017-1000240 | 2017-11-17 | The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary... |
| CVE-2017-1000241 | 2017-11-17 | The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible... |
| CVE-2017-1000231 | 2017-11-17 | A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. |
| CVE-2017-1000232 | 2017-11-17 | A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. |
| CVE-2017-1000234 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter |
| CVE-2017-1000235 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. |
| CVE-2017-1000236 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be... |
| CVE-2017-1000237 | 2017-11-17 | I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. |
| CVE-2017-1000246 | 2017-11-17 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
| CVE-2017-1000247 | 2017-11-17 | British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. |
| CVE-2017-1000248 | 2017-11-17 | Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis |
| CVE-2017-1000229 | 2017-11-17 | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. |
| CVE-2017-1000125 | 2017-11-17 | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. |
| CVE-2017-1000129 | 2017-11-17 | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure |
| CVE-2017-1000160 | 2017-11-17 | EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection |
| CVE-2017-1000164 | 2017-11-17 | Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation |
| CVE-2017-1000223 | 2017-11-17 | A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious... |
| CVE-2017-1000225 | 2017-11-17 | Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can |
| CVE-2017-1000226 | 2017-11-17 | Stop User Enumeration 1.3.8 allows user enumeration via the REST API |
| CVE-2017-16868 | 2017-11-17 | In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow... |
| CVE-2017-16869 | 2017-11-17 | p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file,... |
| CVE-2017-16870 | 2017-11-17 | The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege... |
| CVE-2017-16871 | 2017-11-17 | The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name... |
| CVE-2017-16872 | 2017-11-17 | An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had... |
| CVE-2017-10886 | 2017-11-17 | Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject... |
| CVE-2017-10887 | 2017-11-17 | Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-10888 | 2017-11-17 | BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. |
| CVE-2017-10889 | 2017-11-17 | TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. |
| CVE-2017-10890 | 2017-11-17 | Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware... |
| CVE-2017-4927 | 2017-11-17 | VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of... |
| CVE-2017-4928 | 2017-11-17 | The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due... |
| CVE-2017-4929 | 2017-11-17 | VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. |
| CVE-2017-4934 | 2017-11-17 | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. |
| CVE-2017-4935 | 2017-11-17 | VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow... |
| CVE-2017-4936 | 2017-11-17 | VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow... |
| CVE-2017-4937 | 2017-11-17 | VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow... |
| CVE-2017-4938 | 2017-11-17 | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges... |
| CVE-2017-1000211 | 2017-11-17 | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. |
| CVE-2017-1000203 | 2017-11-17 | ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution |
| CVE-2017-1000206 | 2017-11-17 | samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution |
| CVE-2017-1000212 | 2017-11-17 | Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated... |
| CVE-2017-16875 | 2017-11-17 | An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection... |
| CVE-2017-16819 | 2017-11-17 | A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field... |
| CVE-2017-1000191 | 2017-11-17 | Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. |
| CVE-2017-1000192 | 2017-11-17 | Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the... |
| CVE-2017-16877 | 2017-11-17 | ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. |
| CVE-2017-1000170 | 2017-11-17 | jqueryFileTree 2.1.5 and older Directory Traversal |
| CVE-2017-13700 | 2017-11-17 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. |
| CVE-2017-13702 | 2017-11-17 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. |
| CVE-2017-13703 | 2017-11-17 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. |
| CVE-2017-1000168 | 2017-11-17 | sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys |
| CVE-2017-1000169 | 2017-11-17 | QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB. |
| CVE-2017-6168 | 2017-11-17 | On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile... |
| CVE-2017-1000215 | 2017-11-17 | ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution |
| CVE-2017-14111 | 2017-11-17 | The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials... |
| CVE-2017-16845 | 2017-11-17 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. |
| CVE-2017-1000190 | 2017-11-17 | SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. |
| CVE-2017-1000227 | 2017-11-17 | Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can |
| CVE-2017-1000163 | 2017-11-17 | The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. |
| CVE-2017-1000230 | 2017-11-17 | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input,... |
| CVE-2017-16880 | 2017-11-17 | The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. |
| CVE-2017-4939 | 2017-11-17 | VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to... |
| CVE-2017-1000126 | 2017-11-17 | exiv2 0.26 contains a Stack out of bounds read in webp parser |
| CVE-2017-1000127 | 2017-11-17 | Exiv2 0.26 contains a heap buffer overflow in tiff parser |
| CVE-2017-1000128 | 2017-11-17 | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser |
| CVE-2017-1000217 | 2017-11-17 | Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. |
| CVE-2017-1000221 | 2017-11-17 | In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that... |
| CVE-2017-16566 | 2017-11-17 | On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for... |
| CVE-2017-14077 | 2017-11-18 | HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. |
| CVE-2017-16881 | 2017-11-18 | b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and... |
| CVE-2017-16882 | 2017-11-18 | Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by... |
| CVE-2017-16883 | 2017-11-18 | The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf... |
| CVE-2017-16892 | 2017-11-19 | In Bftpd before 4.7, there is a memory leak in the file rename function. |
| CVE-2017-16894 | 2017-11-20 | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about... |
| CVE-2017-15110 | 2017-11-20 | In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants... |
| CVE-2017-11400 | 2017-11-20 | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system)... |
| CVE-2017-11401 | 2017-11-20 | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows... |
| CVE-2017-11402 | 2017-11-20 | An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely... |
| CVE-2017-16544 | 2017-11-20 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize... |
| CVE-2016-6804 | 2017-11-20 | The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires... |