CVE List - 2017 / December
Showing 401 - 500 of 1105 CVEs for December 2017 (Page 5 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-16682 | 2017-12-12 | SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can... |
| CVE-2017-16683 | 2017-12-12 | Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. |
| CVE-2017-16684 | 2017-12-12 | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. |
| CVE-2017-16685 | 2017-12-12 | Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. |
| CVE-2017-16687 | 2017-12-12 | The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and... |
| CVE-2017-16689 | 2017-12-12 | A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can... |
| CVE-2017-16690 | 2017-12-12 | A malicious DLL preload attack is possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like... |
| CVE-2017-16691 | 2017-12-12 | SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'.... |
| CVE-2017-17558 | 2017-12-12 | The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release... |
| CVE-2017-17560 | 2017-12-12 | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to... |
| CVE-2017-17561 | 2017-12-12 | SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. |
| CVE-2017-17562 | 2017-12-12 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI... |
| CVE-2017-12155 | 2017-12-12 | A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph... |
| CVE-2017-5717 | 2017-12-12 | Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. |
| CVE-2017-1000385 | 2017-12-12 | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign... |
| CVE-2017-11885 | 2017-12-12 | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server... |
| CVE-2017-11886 | 2017-12-12 | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows... |
| CVE-2017-11887 | 2017-12-12 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511,... |
| CVE-2017-11888 | 2017-12-12 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due... |
| CVE-2017-11889 | 2017-12-12 | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user,... |
| CVE-2017-11890 | 2017-12-12 | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows... |
| CVE-2017-11893 | 2017-12-12 | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due... |
| CVE-2017-11894 | 2017-12-12 | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer... |
| CVE-2017-11895 | 2017-12-12 | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge... |
| CVE-2017-11899 | 2017-12-12 | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files... |
| CVE-2017-11901 | 2017-12-12 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709,... |
| CVE-2017-11903 | 2017-12-12 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703,... |
| CVE-2017-11905 | 2017-12-12 | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due... |
| CVE-2017-11906 | 2017-12-12 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607,... |
| CVE-2017-11907 | 2017-12-12 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703,... |
| CVE-2017-11908 | 2017-12-12 | ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka... |
| CVE-2017-11909 | 2017-12-12 | ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the... |
| CVE-2017-11910 | 2017-12-12 | ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how... |
| CVE-2017-11911 | 2017-12-12 | ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the... |
| CVE-2017-11912 | 2017-12-12 | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and... |
| CVE-2017-11913 | 2017-12-12 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703,... |
| CVE-2017-11914 | 2017-12-12 | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to... |
| CVE-2017-11916 | 2017-12-12 | ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory... |
| CVE-2017-11918 | 2017-12-12 | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due... |
| CVE-2017-11919 | 2017-12-12 | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607,... |
| CVE-2017-11927 | 2017-12-12 | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server... |
| CVE-2017-11930 | 2017-12-12 | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703,... |
| CVE-2017-11932 | 2017-12-12 | Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing... |
| CVE-2017-11934 | 2017-12-12 | Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft... |
| CVE-2017-11935 | 2017-12-12 | Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". |
| CVE-2017-11936 | 2017-12-12 | Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". |
| CVE-2017-11939 | 2017-12-12 | Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". |
| CVE-2017-17563 | 2017-12-12 | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect... |
| CVE-2017-17564 | 2017-12-12 | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error... |
| CVE-2017-17565 | 2017-12-12 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in... |
| CVE-2017-17566 | 2017-12-12 | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode... |
| CVE-2017-17669 | 2017-12-13 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. |
| CVE-2017-13098 | 2017-12-13 | BouncyCastle JCE TLS Bleichenbacher/ROBOT |
| CVE-2017-13099 | 2017-12-13 | wolfSSL Bleichenbacher/ROBOT |
| CVE-2017-14361 | 2017-12-13 | MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities |
| CVE-2017-14362 | 2017-12-13 | MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities |
| CVE-2017-4942 | 2017-12-13 | VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. |
| CVE-2017-5530 | 2017-12-13 | SAML protocol handling errors in tibbr |
| CVE-2017-5534 | 2017-12-13 | Improper sandboxing of a third-party component in tibbr |
| CVE-2017-17538 | 2017-12-13 | MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. |
| CVE-2017-17567 | 2017-12-13 | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. |
| CVE-2017-17568 | 2017-12-13 | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. |
| CVE-2017-17569 | 2017-12-13 | Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. |
| CVE-2017-17570 | 2017-12-13 | FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. |
| CVE-2017-17571 | 2017-12-13 | FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. |
| CVE-2017-17572 | 2017-12-13 | FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. |
| CVE-2017-17573 | 2017-12-13 | FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. |
| CVE-2017-17574 | 2017-12-13 | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. |
| CVE-2017-17575 | 2017-12-13 | FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. |
| CVE-2017-17576 | 2017-12-13 | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. |
| CVE-2017-17577 | 2017-12-13 | FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. |
| CVE-2017-17578 | 2017-12-13 | FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. |
| CVE-2017-17579 | 2017-12-13 | FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. |
| CVE-2017-17580 | 2017-12-13 | FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. |
| CVE-2017-17581 | 2017-12-13 | FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. |
| CVE-2017-17582 | 2017-12-13 | FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. |
| CVE-2017-17583 | 2017-12-13 | FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. |
| CVE-2017-17584 | 2017-12-13 | FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. |
| CVE-2017-17585 | 2017-12-13 | FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. |
| CVE-2017-17586 | 2017-12-13 | FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. |
| CVE-2017-17587 | 2017-12-13 | FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. |
| CVE-2017-17588 | 2017-12-13 | FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. |
| CVE-2017-17589 | 2017-12-13 | FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. |
| CVE-2017-17590 | 2017-12-13 | FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. |
| CVE-2017-17591 | 2017-12-13 | Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. |
| CVE-2017-17592 | 2017-12-13 | Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. |
| CVE-2017-17593 | 2017-12-13 | Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. |
| CVE-2017-17594 | 2017-12-13 | DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. |
| CVE-2017-17595 | 2017-12-13 | Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. |
| CVE-2017-17596 | 2017-12-13 | Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. |
| CVE-2017-17597 | 2017-12-13 | Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. |
| CVE-2017-17598 | 2017-12-13 | Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. |
| CVE-2017-17599 | 2017-12-13 | Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. |
| CVE-2017-17600 | 2017-12-13 | Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. |
| CVE-2017-17601 | 2017-12-13 | Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
| CVE-2017-17602 | 2017-12-13 | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. |
| CVE-2017-17603 | 2017-12-13 | Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. |
| CVE-2017-17604 | 2017-12-13 | Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. |
| CVE-2017-17605 | 2017-12-13 | Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. |
| CVE-2017-17606 | 2017-12-13 | Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. |